The Mozilla Foundation Security Advisory describes this flaw as: A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element.