CVE-2016-5288

Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
mozillaCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
mozillafirefox
𝑥
< 49.0.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
132.0.1-1
fixed
firefox-esr
bullseye
115.14.0esr-1~deb11u1
fixed
bullseye (security)
128.4.0esr-1~deb11u1
fixed
bookworm
115.14.0esr-1~deb12u1
fixed
bookworm (security)
128.4.0esr-1~deb12u1
fixed
trixie
128.3.1esr-2
fixed
sid
128.4.0esr-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
yakkety
Fixed 49.0.2+build2-0ubuntu0.16.10.2
released
xenial
Fixed 49.0.2+build2-0ubuntu0.16.04.2
released
trusty
Fixed 49.0.2+build2-0ubuntu0.14.04.1
released
precise
Fixed 49.0.2+build2-0ubuntu0.12.04.1
released
thunderbird
yakkety
not-affected
xenial
not-affected
trusty
dne
precise
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/93810
http://www.securitytracker.com/id/1037077
https://bugzilla.mozilla.org/show_bug.cgi?id=1310183
https://www.mozilla.org/security/advisories/mfsa2016-87/
http://www.securityfocus.com/bid/93810
http://www.securitytracker.com/id/1037077
https://bugzilla.mozilla.org/show_bug.cgi?id=1310183
https://www.mozilla.org/security/advisories/mfsa2016-87/