An issue has been found in Firefox < 53. When a javascript: URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves.
An issue has been found in Firefox < 53. When a javascript: URL is drag and dropped by a user into the addressbar, the URL will be processed and executed. This allows for users to be socially engineered to execute an XSS attack on themselves.
https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5458 https://bugzilla.mozilla.org/show_bug.cgi?id=1229426