CVE-2018-5181

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 60

Description The issue is related to a lack of protection for internal data. It may allow a remote attacker to obtain confidential information. Specifically, if a URL using the "file:" protocol is dragged and dropped onto an open tab running in a different child process, the tab will open a local file corresponding to the dropped URL, contrary to policy. This can be made more reliable by opening the target tab with the "noopener" keyword.

Recommendations For versions prior to 60, update to version 60 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the "file:" protocol when dragging and dropping URLs onto open tabs in different child processes. Restrict access to sensitive local files to minimize the risk of exploitation.