CVE-2016-5288
Published: 25 October 2016
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
precise |
Released
(49.0.2+build2-0ubuntu0.12.04.1)
|
trusty |
Released
(49.0.2+build2-0ubuntu0.14.04.1)
|
|
upstream |
Released
(49.0.2)
|
|
xenial |
Released
(49.0.2+build2-0ubuntu0.16.04.2)
|
|
yakkety |
Released
(49.0.2+build2-0ubuntu0.16.10.2)
|
|
thunderbird Launchpad, Ubuntu, Debian |
precise |
Not vulnerable
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Not vulnerable
|
|
xenial |
Not vulnerable
|
|
yakkety |
Not vulnerable
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 5.9 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |