CVE-2016-2830 — Sensitive Information Exposure in Firefox

CWE-200 — Sensitive Information Exposure8 documents7 sources

Severity

4.3MEDIUMNVD

OSV9.8

EPSS

0.6%

top 31.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox Debian Firefox-esr

Timeline

PublishedAug 5

Latest updateMay 17

Description

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶Ubuntumozilla/firefox< 48.0+build2-0ubuntu0.14.04.1+1

▶NVDmozilla/firefox47.0.1+4

▶debiandebian/firefox< firefox 48.0-1 (sid)

▶debiandebian/firefox-esr< firefox 48.0-1 (sid)

🔴Vulnerability Details

GHSA

GHSA-wfq5-5w67-p795: Mozilla Firefox before 48↗2022-05-17

▶

OSV

firefox vulnerabilities↗2016-08-05

▶

OSV

CVE-2016-2830: Mozilla Firefox before 48↗2016-08-05

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2016-08-05

▶

Red Hat

Mozilla: Favicon network connection persists when page is closed (MFSA 2016-62)↗2016-08-02

▶

Debian

CVE-2016-2830: firefox - Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the networ...↗2016

▶

💬Community

Bugzilla

CVE-2016-2830 Mozilla: Favicon network connection persists when page is closed (MFSA 2016-62)↗2016-06-06

▶