CVE-2016-5288
published 2018-06-11

Priority: P4, 30, medium
CVSS 3.0: 5.9 (AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:N / A:N)
EPSS: 1.80% (75.8th percentile)

Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.

Affected

6 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 50.0-1 (sid) | firefox 50.0-1 (sid) |
| debian | firefox-esr | < firefox 50.0-1 (sid) | firefox 50.0-1 (sid) |
| mozilla | firefox | < 49.0.2 | 49.0.2 |
| mozilla | firefox | >= 0 < 49.0.2+build2-0ubuntu0.14.04.1 | 49.0.2+build2-0ubuntu0.14.04.1 |
| mozilla | firefox | >= 0 < 49.0.2+build2-0ubuntu0.16.04.2 | 49.0.2+build2-0ubuntu0.16.04.2 |
| mozilla | firefox | >= unspecified < 49.0.2 | 49.0.2 |

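CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 9.8 | CRITICAL | |
| vendor_ubuntu | | 9.8 | CRITICAL | |
| vendor_debian | | 5.9 | MEDIUM | |
| vendor_redhat | | 5.9 | MEDIUM | |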