PT-2018-3596 · Mozilla+2 · Firefox+2
Zohar
Published: 2018-01-09 · Updated: 2024-12-12
CVE-2018-5141
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 59
Description
The issue is related to the notifications Push API, where notifications can be sent through service workers by web content without direct user interaction. This could be used to open new tabs in a denial of service attack or to display unwanted content from arbitrary URLs to users. The vulnerability is also described as being related to a lack of input validation in the push notification interface, which could allow a remote attacker to gain unauthorized access to protected information or cause a denial of service.
Recommendations
For versions prior to 59, update to version 59 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Push API to minimize the risk of exploitation. Avoid using the Push API for sensitive operations until the issue is resolved.
Fix
DoS
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Firefox
Ubuntu