Mozilla Firefox prior to 30.0 and Thunderbird up to and including 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote malicious users to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla thunderbird |
||
mozilla thunderbird 24.5 |
||
mozilla thunderbird 24.2 |
||
mozilla thunderbird 24.1.1 |
||
mozilla firefox |
||
mozilla thunderbird 24.1 |
||
mozilla thunderbird 24.0.1 |
||
mozilla thunderbird 24.0 |
||
mozilla thunderbird 24.4 |
||
mozilla thunderbird 24.3 |