Improper access control in Mozilla Firefox - CVE-2018-5141

 


Published: March 13, 2018


Vulnerability identifier: #VU10984
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-5141
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition on the target system.

The vulnerability exists in the notifications Push API, where web content can send notifications through service workers without direct user interaction. A remote attacker can open new tabs in a denial of service (DoS) attack or display unwanted content from arbitrary URLs to users.


How to mitigate CVE-2018-5141

Update to version 59.0.

Sources