CVE-2015-0810

Published: Apr 1, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is visible, which allows remote attackers to conduct clickjacking attacks via a Flash object in conjunction with DIV elements associated with layered presentation, and crafted JavaScript code that interacts with an IMG element.

Affected (1)

Products: Mozilla: Firefox

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 36.0.4

Running on/with	Platform Versions
Apple Mac Os X	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://www.mozilla.org/security/announce/2015/mfsa2015-35.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: security@mozilla.org

http://www.securitytracker.com/id/1031996

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1125013

Source: security@mozilla.org

https://security.gentoo.org/glsa/201512-10

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2015/mfsa2015-35.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031996

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.mozilla.org/show_bug.cgi?id=1125013

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/201512-10

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.