CVE-2018-5109
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58.
Se puede iniciar una sesión de captura de audio bajo un origen incorrecto desde el sitio enviando una petición de captura. Se les pedirán a los usuarios que permitan la petición pero el mensaje puede mostrar un origen erróneo, confundiendo al usuario sobre qué sitio está realizando la petición para capturar una transmisión de audio. Esta vulnerabilidad afecta a las versiones anteriores a la 58 de Firefox.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-03 CVE Reserved
- 2018-01-25 CVE Published
- 2023-12-12 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-346: Origin Validation Error
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/102786 | Third Party Advisory | |
http://www.securitytracker.com/id/1040270 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://usn.ubuntu.com/3544-1 | 2018-06-25 | |
https://www.mozilla.org/security/advisories/mfsa2018-02 | 2018-06-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | <= 57.0.4 Search vendor "Mozilla" for product "Firefox" and version " <= 57.0.4" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10" | - |
Affected
|