CVE-2016-5288 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure9 documents7 sources

Severity

5.9MEDIUMNVD

OSV9.8

EPSS

0.7%

top 27.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox Debian Firefox-esr

Timeline

PublishedJun 11

Latest updateMay 14

Description

Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/firefox< firefox 50.0-1 (sid)

▶CVEListV5mozilla/firefoxunspecified — 49.0.2

▶NVDmozilla/firefox< 49.0.2

▶debiandebian/firefox-esr< firefox 50.0-1 (sid)

▶Ubuntumozilla/firefox< 49.0.2+build2-0ubuntu0.14.04.1+1

🔴Vulnerability Details

GHSA

GHSA-xrvj-239r-5xw7: Web content could access information in the HTTP cache if e10s is disabled↗2022-05-14

▶

OSV

firefox vulnerabilities↗2016-10-27

▶

OSV

CVE-2016-5288: Web content could access information in the HTTP cache if e10s is disabled↗2016-10-25

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2016-10-27

▶

Red Hat

firefox: Web content can read cache entries↗2016-10-20

▶

Debian

CVE-2016-5288: firefox - Web content could access information in the HTTP cache if e10s is disabled. This...↗2016

▶

💬Community

Bugzilla

CVE-2016-5288 firefox: Web content can read cache entries↗2016-10-21

▶

Bugzilla

CVE-2016-5287 CVE-2016-5288 firefox: various flaws [fedora-all]↗2016-10-21

▶