CVE-2016-1939

Mozilla Firefox before 44.0 stores cookies with names containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7208.
Severity
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
opensuseleap
42.1
opensuseopensuse
13.1
opensuseopensuse
13.2
mozillafirefox
𝑥
≤ 43.0.4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
wily
Fixed 44.0+build3-0ubuntu0.15.10.1
released
vivid
Fixed 44.0+build3-0ubuntu0.15.04.1
released
trusty
Fixed 44.0+build3-0ubuntu0.14.04.1
released
precise
Fixed 44.0+build3-0ubuntu0.12.04.1
released
thunderbird
wily
not-affected
vivid
ignored
trusty
dne
precise
not-affected