Main Vulnerability Database Vulnerabilities #VU10192

Security restrictions bypass in Mozilla Firefox - CVE-2018-5109

Published: January 24, 2018

Vulnerability identifier: #VU10192

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5109

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the prompting and starting an audio capture session with an incorrect origin from the site making the capture request. A remote attacker can bypass security restrictions and cause user confusion about which site is making the request to capture an audio stream.

How to mitigate CVE-2018-5109

Update to version 58.0.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/

Security restrictions bypass in Mozilla Firefox - CVE-2018-5109

Detailed vulnerability description

How to mitigate CVE-2018-5109

Sources

Please verify you're human