|Mozilla Firefox before 126.96.36.199, and 3.x before 3.0.1, interprets '|'
(pipe) characters in a command-line URI as requests to open multiple
tabs, which allows remote attackers to access chrome:i URIs, or read
arbitrary local files via manipulations involving a series of URIs
that is not entirely handled by a vector application, as exploited in
conjunction with CVE-2008-2540. NOTE: this issue exists because of an
insufficient fix for CVE-2005-2267.