Closed Bug 1480734 Opened 7 years ago Closed 7 years ago

Dragging an email from Outlook and dropping it to Firefox results in an automated opening of a (malicious) web page

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
61 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1435319

People

(Reporter: robert.neumann, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0 Build ID: 20180704003137 Steps to reproduce: 1. Open Outlook 2. Drag any email 3. Drop it to the main Firefox window area (not over the search or input fields) Actual results: In case display language of Outlook is set to English, the following URL will be automatically visited: www.fromsubjectreceivedsizecategories[.]com Expected results: Nothing, Firefox shall not automatically create an URL out of Outlook column names, or even allow dropping content to other areas but the URL and search input fields.
The exact same issue was discussed in this very old article: https://www.silverspider.com/2007/from-subject-received-size-categories/
The affected platform is Windows.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Group: firefox-core-security
You need to log in before you can comment on or make changes to this bug.