Vulnerability Description
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 47.0.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html
- http://rhn.redhat.com/errata/RHSA-2016-1551.html
- http://www.debian.org/security/2016/dsa-3640
- http://www.mozilla.org/security/announce/2016/mfsa2016-63.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.h
- http://www.securityfocus.com/bid/92261
- http://www.securitytracker.com/id/1036508
- http://www.ubuntu.com/usn/USN-3044-1
- https://bugzilla.mozilla.org/show_bug.cgi?id=1255270Issue TrackingPermissions Required
- https://security.gentoo.org/glsa/201701-15
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html
- http://rhn.redhat.com/errata/RHSA-2016-1551.html
- http://www.debian.org/security/2016/dsa-3640
FAQ
What is CVE-2016-2830?
CVE-2016-2830 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier fo...
How severe is CVE-2016-2830?
CVE-2016-2830 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2830?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.