Bug 1250114 - XSS possible in extensions calling global/tabs.html.tmpl if tab.link is user-controlled
Attach a file by drag & drop or click to upload
