Main Vulnerability Database Vulnerabilities #VU10984

#VU10984 Improper access control in Mozilla Firefox - CVE-2018-5141

Published: March 13, 2018

Vulnerability identifier: #VU10984

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5141

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause DoS condition on the target system.

The vulnerability exists due to the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. A remote attacker can open new tabs in a denial of service (DOS) attack or access unwanted content from arbitrary URLs to users.

Remediation

Update to version 59.0.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/

#VU10984 Improper access control in Mozilla Firefox - CVE-2018-5141

Description

Remediation

External links

Please verify you're human