Main Vulnerability Database Vulnerabilities #VU10985

Security restrictions bypass in Mozilla Firefox - CVE-2018-5142

Published: March 13, 2018

Vulnerability identifier: #VU10985

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5142

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the permission notifications do not properly display the originating domain if Media Capture and Streams API permission is requested from documents with data: or blob: URLs. A remote attacker can cause the notification to state "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission.

How to mitigate CVE-2018-5142

Update to version 59.0.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/

Security restrictions bypass in Mozilla Firefox - CVE-2018-5142

Detailed vulnerability description

How to mitigate CVE-2018-5142

Sources

Please verify you're human