From bca7deb116e646ece8cbba462a9c33203f36d120 Mon Sep 17 00:00:00 2001 From: ashton <63224111+bikini@users.noreply.github.com> Date: Wed, 24 Jun 2026 05:10:38 -0500 Subject: [PATCH] Remove Smart Window severity label --- firefox-smartwindow-private-url-exfil-poc/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/firefox-smartwindow-private-url-exfil-poc/README.md b/firefox-smartwindow-private-url-exfil-poc/README.md index d8cd81d..7a68e99 100644 --- a/firefox-smartwindow-private-url-exfil-poc/README.md +++ b/firefox-smartwindow-private-url-exfil-poc/README.md @@ -13,8 +13,6 @@ Smart Window's `get_open_tabs` and `search_browsing_history` tools return privat ## Impact -Estimated severity: high. - An attacker who can place a malicious title into the user's open tabs or browsing history can cause Smart Window to send private browser URLs to an attacker-controlled HTTP endpoint through a hidden `get_page_content` fetch. The leaked URL can include sensitive path and query-string data such as search terms, document identifiers, account paths, invitation links, reset links, or application-specific one-time values. The confirmed variants are: