UBUNTU-CVE-2016-5279

Details

Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.

Affected Packages

firefox

Ubuntu 14.04 LTS

Fixed in:

49.0+build4-0ubuntu0.14.04.1

firefox

Ubuntu 16.04 LTS

Fixed in:

49.0+build4-0ubuntu0.16.04.1

References

REPORT

https://ubuntu.com/security/CVE-2016-5279

ADVISORY

https://ubuntu.com/security/notices/USN-3076-1

REPORT

https://www.cve.org/CVERecord?id=CVE-2016-5279

REPORT

https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/