CVE-2016-2830

Loading...

General

Score:4.3/10.0
Severity:Low
Category:Information Leak / Disclosure

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2016-0718, CVE-2016-2815, CVE-2016-2818, CVE-2016-2819, CVE-2016-2821, CVE-2016-2822, CVE-2016-2824, CVE-2016-2828, CVE-2016-2831, CVE-2016-2834, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250, CVE-2016-5251, CVE-2016-5252, CVE-2016-5254, CVE-2016-5255, CVE-2016-5258, CVE-2016-5259, CVE-2016-5260, CVE-2016-5261, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-5266, CVE-2016-5268, CVE-2016-6354

Published on 05/08/16 - Updated on 16/08/17

Description

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.

Category: Information Leak / Disclosure

CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Security Notices

US National Vulnerability DatabaseCVE-2016-2830
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-259
Arch Linux ASA-201608-2
CentOS CESA-2016:1551
Debian DSA-3640-1
Debian LTSDLA-585-1
Mozilla MFSA2016-63
Redhat RHSA-2016:1551
SUSE SUSE-SU-2016:2061, SUSE-SU-2016:2131, SUSE-SU-2016:2195
Ubuntu USN-3044-1

Exploits

No exploits available for this CVE in our database.

Relative technologies

VendorProduct
mozillafirefox
mozillafirefox_esr

Share this vulnerability with:

Twitter Facebook LinkedIn Mail