Due to the Firefox GTK wrapper codes use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox < 109, Thunderbird < 102.7, and Firefox ESR < 102.7.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Firefox | Mozilla | * | 109.0 (excluding) |
Firefox_esr | Mozilla | * | 102.7 (excluding) |
Thunderbird | Mozilla | * | 102.7 (excluding) |