Impact
A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the javascript:
scheme with custom widget URLs and form redirect URLs.
Patches
Fixed since version 1.3.1
Mitigation was to restricted custom widget URLs and form redirect URLs to http(s) schemes.
Workarounds
Avoid visiting documents or forms prepared by people you do not trust.
References
Impact
A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the
javascript:
scheme with custom widget URLs and form redirect URLs.Patches
Fixed since version 1.3.1
Mitigation was to restricted custom widget URLs and form redirect URLs to http(s) schemes.
Workarounds
Avoid visiting documents or forms prepared by people you do not trust.
References