CVE-2016-5291

Summary

A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.

Affected Software

VendorProductVersion RangeStatus
MozillaThunderbirdunspecified < 45.5affected
MozillaFirefox ESRunspecified < 45.5affected
MozillaFirefoxunspecified < 50affected

Weaknesses

  • Same-origin policy violation using local HTML file and saved shortcut file

ADP Enrichment

CVE Program Container

Additional References

References