CVE-2018-5179

MEDIUM

Description

A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60.

References

https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/

Details

Source: MITRE

Published: 2019-04-26

Updated: 2019-10-03

Type: CWE-772

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH