CVE-2014-1561

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 31.0

Description The issue allows remote attackers to alter the placement of UI icons via crafted JavaScript code encountered during page, panel, or toolbar customization. This is due to the improper restriction of drag-and-drop events to spoof customization events. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 31.0, update to version 31.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of drag-and-drop events in customization modes until a patch is available. Avoid using crafted JavaScript code during page, panel, or toolbar customization to minimize the risk of exploitation.