CVE-2018-5179
HIGHFirefox < 60.0 - Service Worker Resource Exhaustion via Self-Activated Event
Title source: llmDescription
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/
Scores
CVSS v3
7.5
EPSS
0.0149
EPSS Percentile
70.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-772
Status
published
Products (1)
mozilla/firefox
< 60.0
Published
Apr 26, 2019
Tracked Since
Feb 18, 2026