When dragging content from the primary browser pane to the address bar on a malicious site, it is possible to change the address bar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks.
When dragging content from the primary browser pane to the address bar on a malicious site, it is possible to change the address bar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks.
https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5417 https://bugzilla.mozilla.org/show_bug.cgi?id=791597