Vulnerability Details : CVE-2016-5288
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.
Vulnerability category: Information leak
Products affected by CVE-2016-5288
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2016-5288
- EPSS score: 0.19% (probability of exploitation activity in the next 30 days)
- Percentile: ~57% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2016-5288
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 | NIST | |
CWE ids for CVE-2016-5288
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5288
- http://www.securityfocus.com/bid/93810
  Mozilla Firefox CVE-2016-5288 Information Disclosure Vulnerability (Third Party Advisory; VDB Entry)
- https://bugzilla.mozilla.org/show_bug.cgi?id=1310183
  1310183 - (CVE-2016-5288) Remote web content can read about:cache entries in 49 (Issue Tracking; Vendor Advisory)
- http://www.securitytracker.com/id/1037077
  Mozilla Firefox Use-After Free Memory Error in nsTArray_base::SwapArrayElements Lets Remote Users Execute Arbitrary Code and Web Cache Bug Lets Remote Users View Potentially Sensitive Information - Se (Third Party Advisory; VDB Entry)
- https://www.mozilla.org/security/advisories/mfsa2016-87/
  Security vulnerabilities fixed in Firefox 49.0.2 — Mozilla (Vendor Advisory)