{ "CVE_data_meta": { "ASSIGNER": "security@mozilla.org", "ID": "CVE-2017-7812", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firefox", "version": { "version_data": [ { "version_affected": "<", "version_value": "56" } ] } } ] }, "vendor_name": "Mozilla" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "If web content on a page is dragged onto portions of the browser UI, such as the tab bar, links can be opened that otherwise would not be allowed to open. This can allow malicious web content to open a locally stored file through \"file:\" URLs. This vulnerability affects Firefox < 56." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Drag and drop of malicious page content to the tab bar can open locally stored files" } ] } ] }, "references": { "reference_data": [ { "name": "1039465", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039465" }, { "name": "https://www.mozilla.org/security/advisories/mfsa2017-21/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2017-21/" }, { "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1379842", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1379842" }, { "name": "101057", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101057" } ] } }