CVE-2016-5260

Loading...

General

Score:4.3/10.0
Severity:Low
Category:Information Leak / Disclosure
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2016-0718, CVE-2016-2830, CVE-2016-2835, CVE-2016-2836, CVE-2016-2837, CVE-2016-2838, CVE-2016-2839, CVE-2016-5250, CVE-2016-5251, CVE-2016-5252, CVE-2016-5254, CVE-2016-5255, CVE-2016-5258, CVE-2016-5259, CVE-2016-5261, CVE-2016-5262, CVE-2016-5263, CVE-2016-5264, CVE-2016-5265, CVE-2016-5266, CVE-2016-5268

Published on 05/08/16 - Updated on 16/08/17

Description

Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.

Category: Information Leak / Disclosure

CWE-200 (Information Exposure)
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Security Notices

US National Vulnerability DatabaseCVE-2016-5260
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2016-AVI-259
Arch Linux ASA-201608-2
Mozilla MFSA2016-74
Ubuntu USN-3044-1

Exploits

SecurityFocusBID-92260

Relative technologies

VendorProduct
mozillafirefox

Share this vulnerability with:

Twitter Facebook LinkedIn Mail