Mozilla · Firefox · CVE-2015-0819
**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 36.0
**Description**
The issue concerns the UITour::onPageEvent function, which does not properly verify the origin of an API call, allowing remote attackers to perform spoofing and clickjacking attacks by accessing a UI Tour web site.
**Recommendations**
For versions prior to 36.0, update to version 36.0 or later to resolve the issue.