Main Vulnerability Database Vulnerabilities #VU10985

#VU10985 Security restrictions bypass in Mozilla Firefox - CVE-2018-5142

Published: March 13, 2018

Vulnerability identifier: #VU10985

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-5142

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The vulnerability exists due to the permission notifications do not properly display the originating domain if Media Capture and Streams API permission is requested from documents with data: or blob: URLs. A remote attacker can cause the notification to state "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission.

Remediation

Update to version 59.0.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/