Download
| Alert*
oval:org.secpod.oval:def:20636
Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization. oval:org.secpod.oval:def:20617 Mozilla developers David Chan and Gijs Kruitbosch reported that it is possible to create a drag and drop event in web content which mimics the behavior of a chrome customization event. This can occur when a user is customizing a page or panel. This results in a limited ability to move UI icons wit ... oval:org.secpod.oval:def:702134 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:52262 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:20602 Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization. oval:org.secpod.oval:def:20607 Mozilla developers David Chan and Gijs Kruitbosch reported that it is possible to create a drag and drop event in web content which mimics the behavior of a chrome customization event. This can occur when a user is customizing a page or panel. This results in a limited ability to move UI icons wit ... |