A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12394
Acknowledgments: Name: the Mozilla project Upstream: Kestrel