Mozilla: Same-origin policy violation using local HTML file and saved shortcut file (MFSA 2016-89, MFSA 2016-90)
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...