Vulnerability CVE-2018-5109
Published: 2018-06-11

Description:
An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58.

Type:

CWE-346

 (Origin Validation Error)

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Mozilla -> Firefox 
Canonical -> Ubuntu linux 

 References:
http://www.securityfocus.com/bid/102786
http://www.securitytracker.com/id/1040270
https://bugzilla.mozilla.org/show_bug.cgi?id=1405599
https://usn.ubuntu.com/3544-1/
https://www.mozilla.org/security/advisories/mfsa2018-02/
Copyright 2024, cxsecurity.com

 

Back to Top