Gerv

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 41.0 Mozilla Firefox ESR versions 38.x prior to 38.3 **Description** The issue is related to a lack of protection for service data, allowing a remote attacker to bypass existing access restrictions and execute a redirect to a specified URL using specially crafted JavaScript code. This can be achieved when a user performs a drag-and-drop action of an image into a TEXTBOX element, allowing the attacker to discover the target URL of a redirect. **Recommendations** For Mozilla Firefox versions prior to 41.0, update to version 41.0 or later to resolve the issue. For Mozilla Firefox ESR versions 38.x prior to 38.3, update to version 38.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of JavaScript code in the browser until a patch is applied.