CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:P/A:P

AI Score
Confidence: High

EPSS
Percentile: 79.9%

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.
secunia.com/advisories/59760
secunia.com/advisories/60628
www.mozilla.org/security/announce/2014/mfsa2014-60.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securitytracker.com/id/1030619
bugzilla.mozilla.org/show_bug.cgi?id=1000514
bugzilla.mozilla.org/show_bug.cgi?id=910375
security.gentoo.org/glsa/201504-01