Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-5182

Опубликовано: 11 июн. 2018
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60.

РелизСтатусПримечание
artful

released

60.0+build2-0ubuntu0.17.10.1
bionic

released

60.0+build2-0ubuntu1
devel

released

60.0+build2-0ubuntu1
esm-infra-legacy/trusty

DNE

trusty/esm was DNE [trusty was released [60.0+build2-0ubuntu0.14.04.1]]
precise/esm

DNE

trusty

released

60.0+build2-0ubuntu0.14.04.1
trusty/esm

DNE

trusty was released [60.0+build2-0ubuntu0.14.04.1]
upstream

released

60.0
xenial

released

60.0+build2-0ubuntu0.16.04.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 77%
0.01014
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2018-5182

CVSS3: 7.5
redhat
больше 7 лет назад

If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60.

nvd логотип

CVE-2018-5182

CVSS3: 7.5
nvd
больше 7 лет назад

If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60.

debian логотип

CVE-2018-5182

CVSS3: 7.5
debian
больше 7 лет назад

If a text string that happens to be a filename in the operating system ...

github логотип

GHSA-857q-6rrg-fqm2

CVSS3: 7.5
github
больше 3 лет назад

If a text string that happens to be a filename in the operating system's native format is dragged and dropped onto the addressbar the specified local file will be opened. This is contrary to policy and is what would happen if the string were the equivalent "file:" URL. This vulnerability affects Firefox < 60.

fstec логотип

BDU:2019-04697

CVSS3: 7.5
fstec
больше 6 лет назад

Уязвимость веб-браузера Firefox, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 77%
0.01014
Низкий

5 Medium

CVSS2

7.5 High

CVSS3