CVE-2018-5141
Published: 14 March 2018
A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59.
Priority
CVSS 3 base score: 8.2
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
artful |
Released
(59.0+build5-0ubuntu0.17.10.1)
|
bionic |
Released
(59.0.1+build1-0ubuntu1)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was released [59.0+build5-0ubuntu0.14.04.1])
|
|
upstream |
Released
(59.0)
|
|
xenial |
Released
(59.0+build5-0ubuntu0.16.04.1)
|