Mozilla Foundation Security Advisory 2012-43
Title: Incorrect URL displayed in addressbar
through drag and drop
Announced: July 17, 2012
Reporter: Mario Gomes, Code Audit Labs
Fixed in: Firefox 14
Firefox ESR 10.0.6
Security researcher Mario Gomes andresearch firm Code Audit Labs reported a mechanism to short-circuit page loads through drag and drop to the addressbar by canceling the page load. This causes the address of the previously site entered to be displayed in the addressbar instead of the currently loaded page. This could lead to potential phishing attacks on users.