CVE-2018-5131
11.06.2018, 21:29
Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| debian | debian_linux | 7.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| mozilla | firefox | 𝑥 < 59.0 |
| mozilla | firefox | 𝑥 < 52.7.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| mozilla | firefox_esr | 𝑥 < 52.7 | CNA |
| mozilla | firefox_esr | 𝑥 < 59 | CNA |
Debian Releases
Ubuntu Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| MozillaFirefox |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| MozillaFirefox-devel |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| MozillaFirefox-translations-common |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| MozillaFirefox-translations-other |
|
Red Hat Enterprise Linux Releases
Common Weakness Enumeration
References