Mozilla Firefox prior to 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote malicious users to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mozilla firefox |
||
oracle solaris 11.3 |