CVE-2014-1561

Priority
Low
Description
Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop
events to spoof customization events, which allows remote attackers to
alter the placement of UI icons via crafted JavaScript code that is
encountered during (1) page, (2) panel, or (3) toolbar customization.
References
Assigned-to
chrisccoulson
Package
Upstream:released (31.0)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (31.0+build1-0ubuntu0.12.04.1)
Ubuntu 14.04 LTS (Trusty Tahr):released (31.0+build1-0ubuntu0.14.04.1)
Ubuntu 14.10 (Utopic Unicorn):released (31.0~b9+build1-0ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-07-23 19:14:32 UTC (commit 8271)