CVE-2018-5131 — Sensitive Information Exposure in Mozilla Firefox
Severity
5.9MEDIUMNVD
OSV8.8
EPSS
1.3%
top 20.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 11
Latest updateMay 14
Description
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages7 packages
Also affects: Debian Linux 7.0, 8.0, 9.0, Ubuntu Linux 14.04, 16.04, 17.10, Enterprise Linux 7.4, 7.5
🔴Vulnerability Details
5GHSA▶
GHSA-hf84-87fj-v8xv: Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache head↗2022-05-14
OSV▶
CVE-2018-5131: Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache head↗2018-06-11
CVEList▶
CVE-2018-5131: Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache head↗2018-06-11