Vulnerability Details : CVE-2014-1539
Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image.
Products affected by CVE-2014-1539
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.3:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.4:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.5:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:thunderbird:24.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1539
0.84%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 73 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1539
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2014-1539
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1539
-
http://www.securityfocus.com/bid/67967
Mozilla Firefox/Thunderbird CVE-2014-1539 Clickjacking Vulnerability
-
http://secunia.com/advisories/59486
Sign in
-
http://secunia.com/advisories/59387
Sign in
-
http://lists.opensuse.org/opensuse-updates/2014-07/msg00001.html
openSUSE-SU-2014:0855-1: moderate: seamonkey: Update fixes nine security
-
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Oracle Solaris Bulletin - April 2016
-
https://security.gentoo.org/glsa/201504-01
Mozilla Products: Multiple vulnerabilities (GLSA 201504-01) — Gentoo security
-
http://secunia.com/advisories/59171
Sign in
-
http://www.securitytracker.com/id/1030388
Mozilla Firefox Multiple Flaws Let Remote Users Execute Arbitrary Code and Conduct Clickjacking Attacks - SecurityTracker
-
http://lists.opensuse.org/opensuse-updates/2014-06/msg00040.html
openSUSE-SU-2014:0819-1: moderate: MozillaFirefox, mozilla-nspr: Update
-
http://www.mozilla.org/security/announce/2014/mfsa2014-50.html
Clickjacking through cursor invisibility after Flash interaction — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=995603
995603 - (CVE-2014-1539) Cursor can be totally invisible using flash object and div
Jump to