CVE-2014-1561

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
≤ 30.0
oraclesolaris
11.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
lucid
ignored
precise
Fixed 31.0+build1-0ubuntu0.12.04.1
released
trusty
Fixed 31.0+build1-0ubuntu0.14.04.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
MozillaFirefox
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-devel
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-translations-common
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-translations-other
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 15
52.7.3-1.35
fixed
Common Weakness Enumeration
References
http://secunia.com/advisories/59760
http://secunia.com/advisories/60628
http://www.mozilla.org/security/announce/2014/mfsa2014-60.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1030619
https://bugzilla.mozilla.org/show_bug.cgi?id=1000514
https://bugzilla.mozilla.org/show_bug.cgi?id=910375
https://security.gentoo.org/glsa/201504-01
http://secunia.com/advisories/59760
http://secunia.com/advisories/60628
http://www.mozilla.org/security/announce/2014/mfsa2014-60.html
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
http://www.securitytracker.com/id/1030619
https://bugzilla.mozilla.org/show_bug.cgi?id=1000514
https://bugzilla.mozilla.org/show_bug.cgi?id=910375
https://security.gentoo.org/glsa/201504-01