CVE-2016-5266

CVSS v3.0 8.1 (High)

CVSS v2.0 5.8 (Medium)

EPSS 0.86 % (83^th)

Affected Products 1

Advisories 3

Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2016-08-05 01:59:22
(8 years ago)
Updated Date: 2017-08-16 01:29:09
(7 years ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 47.0.1 and prior versions	cpe:2.3:a:mozilla:firefox		<= 47.0.1