A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Mozilla
Information Disclosure
Firefox
NVD
CVSS 3.1
3.3
EPSS
0.3%