Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 115.0 (excluding) |
| Firefox | Ubuntu | bionic | * |
| Firefox | Ubuntu | focal | * |
| Firefox | Ubuntu | kinetic | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | xenial | * |
| Thunderbird | Ubuntu | bionic | * |
| Thunderbird | Ubuntu | kinetic | * |
| Thunderbird | Ubuntu | trusty | * |
| Thunderbird | Ubuntu | xenial | * |