Firace

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 48.0 **Description** The issue exists due to insufficient input validation in the browser, allowing a remote attacker to spoof the location bar by using special characters in the media type of a data: URL. This can be achieved through crafted characters in the `data:URL` type. **Recommendations** For versions prior to 48.0, update to version 48.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of `data:URL` types until a patch is applied. Avoid using special characters in the media type of a `data:URL` to minimize the risk of exploitation.