cbcvebase.
CVE-2018-5142
published 2018-06-11

CVE-2018-5142: If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the…

PriorityP425medium5.3CVSS 3.0
AVNACLPRNUINSUCNILAN
EPSS
1.21%
64.8th percentile
If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59.

Affected

11 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debianfirefox< firefox 59.0-1 (sid)firefox 59.0-1 (sid)
mozillafirefox< 59.059.0
mozillafirefox>= 0 < 59.0+build5-0ubuntu0.14.04.159.0+build5-0ubuntu0.14.04.1
mozillafirefox>= 0 < 59.0.2+build1-0ubuntu0.14.04.459.0.2+build1-0ubuntu0.14.04.4
mozillafirefox>= 0 < 59.0+build5-0ubuntu0.16.04.159.0+build5-0ubuntu0.16.04.1
mozillafirefox>= 0 < 59.0.2+build1-0ubuntu0.16.04.359.0.2+build1-0ubuntu0.16.04.3
mozillafirefox>= 0 < 59.0.1+build1-0ubuntu159.0.1+build1-0ubuntu1
mozillafirefox>= unspecified < 5959

CVSS provenance

nvdv3.05.3MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv8.8HIGH
vendor_ubuntu8.8HIGH
vendor_debian5.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.