Endpoint Vulnerability

Local files or privileged URLs in pages can be opened into new tabs

Description

Security researcher Armin Razmdjou reported that opening hyperlinks on a page with the mouse and specific keyboard key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. This could also allow for local files or resources from a known location to be opened with local privileges, bypassing security protections.

Affected Products

SeaMonkey

References

CVE-2015-0821,