CVE-2018-5182

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 60

Description The issue is related to a lack of protection for internal data in the Firefox web browser. If a text string that is a filename in the operating system's native format is dragged and dropped onto the address bar, the specified local file will be opened, contrary to policy. This could potentially allow a remote attacker to gain unauthorized access to protected information.

Recommendations For versions prior to 60, update to version 60 or later to resolve the issue. As a temporary workaround, consider avoiding dragging and dropping filenames onto the address bar until a patch is available. Restrict access to sensitive local files to minimize the risk of exploitation.