CVE-2018-5179

HIGH

Firefox <60 - Info Disclosure

Title source: llm

Description

A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.

References (1)

[Vendor Advisory] https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/

Scores

CVSS v3 7.5

EPSS 0.0043

EPSS Percentile 62.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-772

Status published

Affected Products (1)

mozilla/firefox < 60.0

Timeline

Published Apr 26, 2019

Tracked Since Feb 18, 2026