Mozilla

mozilla

Mozilla Foundation Security Advisory 2014-60

Toolbar dialog customization event spoofing

Announced
July 22, 2014
Reporter
David Chan, Gijs Kruitbosch
Impact
Low
Products
Firefox
Fixed in
  • Firefox 31

Description

Mozilla developers David Chan and Gijs Kruitbosch reported that it is possible to create a drag and drop event in web content which mimics the behavior of a chrome customization event. This can occur when a user is customizing a page or panel. This results in a limited ability to move UI icons within the visible window but does not otherwise affect customization or window content.

References