CVE-2016-5279

Published: Sep 22, 2016Modified: May 6, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code.

Affected (1)

Products: Mozilla: Firefox

Mozilla

1 product

Firefox

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 48.0.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://www.mozilla.org/security/announce/2016/mfsa2016-85.html

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/93052

Source: security@mozilla.org

http://www.securitytracker.com/id/1036852

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1249522

Source: security@mozilla.org

Issue Tracking

https://security.gentoo.org/glsa/201701-15

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2016/mfsa2016-85.html