2 matches found
Drag and Drop Multiple File Upload < 1.3.6.5 - File Upload Size Limit Bypass
The plugin does not properly enforce the upload size limit set in forms; it takes the value from user input sent when submitting the form. As a result, attackers could control the file size limit and bypass the limit set by admins in the contact form.
PoC: curl -X POST -F "sizelimit=10485760" -F...
Local file stealing with SessionStore — Mozilla
Mozilla security researcher mozbugra4 reported that a form input control's type could be changed during the restoration of a closed tab. An attacker could set an input control's text value to the path of a local file whose location was known to the attacker. If the tab was then closed and the...