If a URL using the "file:" protocol is dragged and dropped onto an open tab that is running in a different child process the tab will open a local file corresponding to the dropped URL, contrary to policy. One way to make the target tab open more reliably in a separate process is to open it with the "noopener" keyword. This vulnerability affects Firefox < 60.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2018-06-11T21:00:00
Updated: 2024-08-05T05:26:47.013Z
Reserved: 2018-01-03T00:00:00
Link: CVE-2018-5181
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-06-11T21:29:16.297
Modified: 2018-08-03T15:49:59.643
Link: CVE-2018-5181
Redhat