CVE-2018-5109
First published: Tue Jan 23 2018(Updated: )
An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <58 | 58 |
| Mozilla Firefox | <=57.0.4 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.10 | |
| debian/firefox | 131.0.2-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1405599
- https://www.mozilla.org/security/advisories/mfsa2018-02/
- https://usn.ubuntu.com/3544-1/
- http://www.securityfocus.com/bid/102786
- http://www.securitytracker.com/id/1040270
- https://launchpad.net/bugs/cve/CVE-2018-5109
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5107
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5109
- https://security-tracker.debian.org/tracker/CVE-2018-5109
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5109
- https://nvd.nist.gov/vuln/detail/CVE-2018-5109
- https://ubuntu.com/security/CVE-2018-5109
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-5091
- CVE-2018-5092
- CVE-2018-5093
- CVE-2018-5094
- CVE-2018-5095
- CVE-2018-5097
- CVE-2018-5098
- CVE-2018-5099
- CVE-2018-5100
- CVE-2018-5101
- CVE-2018-5102
- CVE-2018-5103
- CVE-2018-5104
- CVE-2018-5105
- CVE-2018-5106
- CVE-2018-5107
- CVE-2018-5108
- CVE-2018-5109
- CVE-2018-5110
- CVE-2018-5111
- CVE-2018-5112
- CVE-2018-5113
- CVE-2018-5114
- CVE-2018-5115
- CVE-2018-5116
- CVE-2018-5117
- CVE-2018-5118
- CVE-2018-5119
- CVE-2018-5121
- CVE-2018-5122
- CVE-2018-5090
- CVE-2018-5089
Frequently Asked Questions
What is CVE-2018-5109?
CVE-2018-5109 is a vulnerability that allows an audio capture session to be started under an incorrect origin from the site making the capture request.
What is the severity of CVE-2018-5109?
The severity of CVE-2018-5109 is medium, with a severity value of 5.3.
Which software is affected by CVE-2018-5109?
Mozilla Firefox versions up to 58.0, Ubuntu with Firefox versions up to 58.0, Mozilla Firefox version 57.0.4, Canonical Ubuntu Linux 14.04, Canonical Ubuntu Linux 16.04, and Canonical Ubuntu Linux 17.10 are affected by CVE-2018-5109.
How can I fix CVE-2018-5109?
To fix CVE-2018-5109, update Mozilla Firefox to version 58.0 or later.
Where can I find more information about CVE-2018-5109?
You can find more information about CVE-2018-5109 on the Mozilla Bugzilla page (https://bugzilla.mozilla.org/show_bug.cgi?id=1405599) and the Mozilla Security Advisories page (https://www.mozilla.org/security/advisories/mfsa2018-02/).
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/security-tracker-debian
- source/Debian
- vendor/mozilla
- canonical/mozilla firefox
- version/mozilla firefox/57.0.4
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/17.10
- package-manager/debian