2005-02-13 05:00:00
mitre
PUBLISHED
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a users hard drive by obscuring a file upload control and tricking the user into dragging text into that control.