Vulnerability Details : CVE-2014-1561
Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.
Exploit prediction scoring system (EPSS) score for CVE-2014-1561
Probability of exploitation activity in the next 30 days: 0.67%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 77 %
CVSS scores for CVE-2014-1561
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:P | 8.6 | 4.9 | NIST |
CWE ids for CVE-2014-1561
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1561
- http://www.mozilla.org/security/announce/2014/mfsa2014-60.html
  Toolbar dialog customization event spoofing — Mozilla (Vendor Advisory)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1000514
  1000514 - (CVE-2014-1561) Toolkit toolbar dialog customization event spoofing (Issue Tracking)
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
  Oracle Solaris Bulletin - April 2016 (Third Party Advisory)
- http://secunia.com/advisories/59760
- http://www.securitytracker.com/id/1030619
  Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Spoof User Interface Elements - SecurityTracker
- https://security.gentoo.org/glsa/201504-01
  Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
- http://secunia.com/advisories/60628
- https://bugzilla.mozilla.org/show_bug.cgi?id=910375
  910375 - New PanelUI / toolbar customization event spoofing (Issue Tracking)
Products affected by CVE-2014-1561
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*