CVE-2018-5142Mozilla Firefox vulnerability

8 documents5 sources
Severity
5.3MEDIUMNVD
OSV8.8
EPSS
1.2%
top 21.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxDebian FirefoxCanonical Ubuntu Linux
Timeline
PublishedJun 11
Latest updateMay 13

Description

If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

debiandebian/firefox< firefox 59.0-1 (sid)
CVEListV5mozilla/firefoxunspecified59
NVDmozilla/firefox< 59.0
Ubuntumozilla/firefox< 59.0+build5-0ubuntu0.14.04.1+4

Also affects: Ubuntu Linux 14.04, 16.04, 17.10

🔴Vulnerability Details

4
GHSA
GHSA-w4hq-q9jh-6r3x: If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly dis2022-05-13
OSV
firefox regression2018-04-06
OSV
firefox vulnerabilities2018-03-14
OSV
CVE-2018-5142: If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly dis2018-03-14

📋Vendor Advisories

3
Ubuntu
Firefox regression2018-04-06
Ubuntu
Firefox vulnerabilities2018-03-14
Debian
CVE-2018-5142: firefox - If Media Capture and Streams API permission is requested from documents with "da...2018