CVE-2018-5141

Publication date 14 March 2018

Last updated 25 August 2025

Ubuntu priority

Low

Why this priority?

Cvss 3 Severity Score

8.2 · High

Score breakdown

Description

A vulnerability in the notifications Push API where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service (DOS) attack or to display unwanted content from arbitrary URLs to users. This vulnerability affects Firefox < 59.

Status

Package Ubuntu Release Status
firefox 18.04 LTS bionic
Fixed 59.0.1+build1-0ubuntu1
17.10 artful
Fixed 59.0+build5-0ubuntu0.17.10.1
16.04 LTS xenial
Fixed 59.0+build5-0ubuntu0.16.04.1
14.04 LTS trusty
Fixed 59.0+build5-0ubuntu0.14.04.1

Severity score breakdown

CVSS version: CVSS v3.0

Base score 8.2 · High

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-3596-1
    • Firefox vulnerabilities
    • 14 March 2018

Other references

Access our resources on patching vulnerabilities