Published: 11/06/2014 Updated: 28/12/2017

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Mozilla Firefox prior to 30.0 and Thunderbird up to and including 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote malicious users to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla thunderbird
mozilla thunderbird 24.5
mozilla thunderbird 24.2
mozilla thunderbird 24.1.1
mozilla firefox
mozilla thunderbird 24.1
mozilla thunderbird 24.0.1
mozilla thunderbird 24.0
mozilla thunderbird 24.4
mozilla thunderbird 24.3

Mozilla Foundation Security Advisory 2014-50 Clickjacking through cursor invisibility after Flash interaction Announced June 10, 2014 Reporter Jordi Chancel Impact High Products Firefox Fixed in ...

CWE-20 https://bugzilla.mozilla.org/show_bug.cgi?id=995603 http://www.mozilla.org/security/announce/2014/mfsa2014-50.html http://www.securityfocus.com/bid/67967 http://secunia.com/advisories/59171 http://www.securitytracker.com/id/1030388 http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html http://secunia.com/advisories/59387 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html https://security.gentoo.org/glsa/201504-01 http://secunia.com/advisories/59486 http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html https://nvd.nist.gov https://www.mozilla.org/en-US/security/advisories/mfsa2014-50/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-1539

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect