CVE-2016-5250 Information

Description

Mozilla Firefox before 48.0 Firefox ESR 45.4 and Thunderbird 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Reference

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html http://rhn.redhat.com/errata/RHSA-2016-1912.html http://www.debian.org/security/2016/dsa-3674 http://www.mozilla.org/security/announce/2016/mfsa2016-84.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.securityfocus.com/bid/92260 http://www.securitytracker.com/id/1036508 http://www.ubuntu.com/usn/USN-3044-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1254688 https://security.gentoo.org/glsa/201701-15 https://www.mozilla.org/security/advisories/mfsa2016-86/ https://www.mozilla.org/security/advisories/mfsa2016-88/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

4.3