Rafael Gieschke

#20533 of 53,633
12.4 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1

PT-2016-6339 · CVSS 4.3 · 2016-09-20
Mozilla · Firefox · CVE-2016-5279

**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 49.0

**Description**
The issue allows remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code. This can be achieved when a user is tricked into performing a specific action, such as dragging and dropping a file.

**Recommendations**
For versions prior to 49.0, update to version 49.0 or later to resolve the issue.

PT-2016-2520 · CVSS 8.1 · 2016-08-02
Mozilla · Firefox · CVE-2016-5266

**Name of the Vulnerable Software and Affected Versions**
Mozilla Firefox versions prior to 48.0

**Description**
The issue is related to improper restriction of drag-and-drop operations for file: URL objects, which can be exploited by a remote attacker using a specially crafted website to access local files. This can allow user-assisted remote attackers to obtain access to local files.

**Recommendations**
For versions prior to 48.0, update to version 48.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of drag-and-drop functionality in Firefox until a patch is applied.