CVE-2016-5282

CVSS v3.0 6.5 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.42 % (75^th)

Affected Products 1

Advisories 5

Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.

Weaknesses

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2016-09-22 22:59:16
(8 years ago)
Updated Date: 2017-07-30 01:29:08
(7 years ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox 48.0.2 and prior versions	cpe:2.3:a:mozilla:firefox		<= 48.0.2