---

CVE-2018-5182 - log back

CVE-2018-5182 created at 25 Sep 2019 19:31:40
Severity	+ Low
Remote	+ Local
Type	+ Access restriction bypass
Description	+ If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the address bar of Firefox before 60.0, the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent file: URL.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5182 + https://bugzilla.mozilla.org/show_bug.cgi?id=1424107
Notes