CVE-2018-5109

MEDIUM

Firefox < 58 - Info Disclosure

Title source: llm

Description

An audio capture session can started under an incorrect origin from the site making the capture request. Users are still prompted to allow the request but the prompt can display the wrong origin, leading to user confusion about which site is making the request to capture an audio stream. This vulnerability affects Firefox < 58.

References (5)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/102786

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040270

[Issue Tracking, Permissions Required] https://bugzilla.mozilla.org/show_bug.cgi?id=1405599

[Third Party Advisory] https://usn.ubuntu.com/3544-1/

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2018-02/

Scores

CVSS v3 5.3

EPSS 0.0048

EPSS Percentile 64.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Classification

CWE

CWE-346

Status published

Affected Products (4)

mozilla/firefox < 57.0.4

canonical/ubuntu_linux

canonical/ubuntu_linux

canonical/ubuntu_linux

Timeline

Published Jun 11, 2018

Tracked Since Feb 18, 2026