Early Access — Mondoo Vulnerability Intelligence is currently in preview.
Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for file: URIs, which allows user-assisted remote attackers to access local files via a crafted web site.
24.0+build1-0ubuntu125.0+build3-0ubuntu0.13.10.128.0+build1-0ubuntu128.0+build2-0ubuntu128.0+build2-0ubuntu228.0~b2+build1-0ubuntu229.0+build1-0ubuntu0.14.04.230.0+build1-0ubuntu0.14.04.331.0+build1-0ubuntu0.14.04.132.0+build1-0ubuntu0.14.04.1+32 more48.0+build2-0ubuntu0.14.04.141.0.2+build2-0ubuntu142.0+build2-0ubuntu144.0+build3-0ubuntu244.0.1+build1-0ubuntu144.0.2+build1-0ubuntu145.0+build2-0ubuntu145.0.1+build1-0ubuntu145.0.2+build1-0ubuntu146.0+build5-0ubuntu0.16.04.246.0.1+build1-0ubuntu0.16.04.2+1 more48.0+build2-0ubuntu0.16.04.1Exploitability
AV:NAC:LPR:NUI:RScope
S:UImpact
C:HI:HA:NCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N