CVE-2018-5142

Publication date 14 March 2018

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

5.3 · Medium

Score breakdown

If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59.

Status

Package Ubuntu Release Status
firefox 18.04 LTS bionic
Fixed 59.0.1+build1-0ubuntu1
17.10 artful
Fixed 59.0+build5-0ubuntu0.17.10.1
16.04 LTS xenial
Fixed 59.0+build5-0ubuntu0.16.04.1
14.04 LTS trusty
Fixed 59.0+build5-0ubuntu0.14.04.1

Severity score breakdown

Parameter Value
Base score 5.3 · Medium
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact Low
Availability impact None
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Related Ubuntu Security Notices (USN)

    • USN-3596-1
    • Firefox vulnerabilities
    • 14 March 2018

Other references