CVE-2014-1539

Published: Jun 11, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.

Affected (10)

Products: Mozilla: Firefox, Thunderbird

2 products

Configuration A

10 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 29.0.1
Mozilla Thunderbird	Up to 24.6
Mozilla Thunderbird	Version 24.0.1
Mozilla Thunderbird	Version 24.0
Mozilla Thunderbird	Version 24.1.1
Mozilla Thunderbird	Version 24.1
Mozilla Thunderbird	Version 24.2
Mozilla Thunderbird	Version 24.3
Mozilla Thunderbird	Version 24.4
Mozilla Thunderbird	Version 24.5

Running on/with	Platform Versions
Apple Mac Os X	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html

Source: security@mozilla.org

http://secunia.com/advisories/59171

Source: security@mozilla.org

http://secunia.com/advisories/59387

Source: security@mozilla.org

http://secunia.com/advisories/59486

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2014/mfsa2014-50.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

http://www.securityfocus.com/bid/67967

Source: security@mozilla.org

http://www.securitytracker.com/id/1030388

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=995603

Source: security@mozilla.org

https://security.gentoo.org/glsa/201504-01

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/59171

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/59387

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/59486

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mozilla.org/security/announce/2014/mfsa2014-50.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/67967

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1030388

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=995603

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201504-01

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.