Published: 05/08/2016 Updated: 12/06/2018

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Mozilla Firefox prior to 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote malicious users to obtain sensitive information about the previously retrieved page via Resource Timing API calls.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical ...

Several security issues were fixed in Thunderbird ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code or information disclosure For the stable distribution (jessie), these problems have been fixed in version 4540esr-1~deb8u2 For the unstable distr ...

Mozilla Firefox before 480, Firefox ESR < 454 and Thunderbird < 454 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls ...

Mozilla Foundation Security Advisory 2016-88 Security vulnerabilities fixed in Thunderbird 454 Announced October 3, 2016 Impact critical Products Thunderbird Fixed in Thunderbird 454 ...

Mozilla Foundation Security Advisory 2016-84 Information disclosure through Resource Timing API during page navigation Announced August 2, 2016 Reporter Catalin Dumitru Impact Moderate Products Firefox Fixed in ...

Mozilla Foundation Security Advisory 2016-86 Security vulnerabilities fixed in Firefox ESR 454 Announced September 20, 2016 Impact critical Products Firefox ESR Fixed in Firefox ESR 454 ...

CWE-200 https://bugzilla.mozilla.org/show_bug.cgi?id=1254688 http://www.mozilla.org/security/announce/2016/mfsa2016-84.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.securityfocus.com/bid/92260 http://www.ubuntu.com/usn/USN-3044-1 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html http://www.debian.org/security/2016/dsa-3674 https://security.gentoo.org/glsa/201701-15 http://www.securitytracker.com/id/1036508 http://rhn.redhat.com/errata/RHSA-2016-1912.html https://www.mozilla.org/security/advisories/mfsa2016-88/https://www.mozilla.org/security/advisories/mfsa2016-86/https://access.redhat.com/errata/RHSA-2016:1912 https://nvd.nist.gov https://usn.ubuntu.com/3112-1/

CVE-2016-5250

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect