CVE-2016-5291
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. Date published : 2018-06-11 http://www.securityfocus.com/bid/94336