Vulnerability Description
An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 57.0.4 |
| Canonical | Ubuntu Linux | 14.04 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102786Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040270Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1405599Issue TrackingPermissions Required
- https://usn.ubuntu.com/3544-1/Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-02/Vendor Advisory
- http://www.securityfocus.com/bid/102786Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040270Third Party AdvisoryVDB Entry
- https://bugzilla.mozilla.org/show_bug.cgi?id=1405599Issue TrackingPermissions Required
- https://usn.ubuntu.com/3544-1/Third Party Advisory
- https://www.mozilla.org/security/advisories/mfsa2018-02/Vendor Advisory
FAQ
What is CVE-2018-5109?
CVE-2018-5109 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, lead...
How severe is CVE-2018-5109?
CVE-2018-5109 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5109?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox, Canonical Ubuntu Linux.