CVE-2016-5288

Advisory lineage Upstream: 0 Downstream: 5

Downstream

MGASA-2017-0323 OPENSUSE-SU-2024:10071-1 OPENSUSE-SU-2024:14572-1 UBUNTU-CVE-2016-5288 USN-3111-1

Modified

Published: 11 Jun 2018, 21:00

Last modified:06 Aug 2024, 00:53

Vulnerability Summary

Overall Risk (default)

low

24/100

CVSS Score

5.9 MEDIUM

v3.0 (nvd)

EPSS Score

0.72% LOW

1% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

11 Jun 2018, 21:00

Published

Vulnerability first disclosed

06 Aug 2024, 00:53

Last Modified

Vulnerability information updated

Description

Web content could access information in the HTTP cache if e10s is disabled. This can reveal some visited URLs and the contents of those pages. This issue affects Firefox 48 and 49. This vulnerability affects Firefox < 49.0.2.

CVSS Metrics

v3.0•MEDIUM•Score: 5.9CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.72%• Percentile: 73%

Techniques & Countermeasures

CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

mozilla•firefox
< 49.0.2 | ≥ unspecified, < 49.0.2