CVE-2016-5288

EUVD-2016-6239
Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
< 49.0.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
132.0.1-1
fixed
firefox-esr
bookworm
115.14.0esr-1~deb12u1
fixed
bookworm (security)
128.4.0esr-1~deb12u1
fixed
bullseye
115.14.0esr-1~deb11u1
fixed
bullseye (security)
128.4.0esr-1~deb11u1
fixed
sid
128.4.0esr-1
fixed
trixie
128.3.1esr-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
precise
Fixed 49.0.2+build2-0ubuntu0.12.04.1
released
trusty
Fixed 49.0.2+build2-0ubuntu0.14.04.1
released
xenial
Fixed 49.0.2+build2-0ubuntu0.16.04.2
released
yakkety
Fixed 49.0.2+build2-0ubuntu0.16.10.2
released
thunderbird
precise
not-affected
trusty
dne
xenial
not-affected
yakkety
not-affected
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/93810
http://www.securitytracker.com/id/1037077
https://bugzilla.mozilla.org/show_bug.cgi?id=1310183
https://www.mozilla.org/security/advisories/mfsa2016-87/
http://www.securityfocus.com/bid/93810
http://www.securitytracker.com/id/1037077
https://bugzilla.mozilla.org/show_bug.cgi?id=1310183
https://www.mozilla.org/security/advisories/mfsa2016-87/