CVE-2018-5142
First published: Tue Mar 13 2018(Updated: )
If Media Capture and Streams API permission is requested from documents with "data:" or "blob:" URLs, the permission notifications do not properly display the originating domain. The notification states "Unknown protocol" as the requestee, leading to user confusion about which site is asking for this permission. This vulnerability affects Firefox < 59.
Credit: security@mozilla.org security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <59 | 59 |
| Mozilla Firefox | <59.0 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =17.10 | |
| debian/firefox | 131.0.2-2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.mozilla.org/show_bug.cgi?id=1366357
- https://www.mozilla.org/security/advisories/mfsa2018-06/
- https://usn.ubuntu.com/3596-1/
- http://www.securityfocus.com/bid/103386
- http://www.securitytracker.com/id/1040514
- https://launchpad.net/bugs/cve/CVE-2018-5142
- https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
- https://security-tracker.debian.org/tracker/CVE-2018-5142
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5142
- https://nvd.nist.gov/vuln/detail/CVE-2018-5142
- https://ubuntu.com/security/CVE-2018-5142
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2018-5142?
CVE-2018-5142 is a vulnerability in Mozilla Firefox and Ubuntu Linux that allows requests for Media Capture and Streams API permission from documents with 'data:' or 'blob:' URLs to display the wrong originating domain.
Which software products are affected by CVE-2018-5142?
Mozilla Firefox versions up to exclusive 59.0 and Ubuntu Linux versions 14.04, 16.04, and 17.10 are affected by CVE-2018-5142.
What is the severity of CVE-2018-5142?
The severity of CVE-2018-5142 is medium, with a CVSS score of 5.3.
How can I fix CVE-2018-5142 in Mozilla Firefox?
To fix CVE-2018-5142 in Mozilla Firefox, update to version 59.0 or higher.
How can I fix CVE-2018-5142 in Ubuntu Linux?
To fix CVE-2018-5142 in Ubuntu Linux, apply the applicable security patch or update the Firefox package to version 59.0 or higher.
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/description
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- collector/nvd-index
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- vendor/mozilla
- canonical/mozilla firefox
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/17.10
- package-manager/debian