Vulnerability Description
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | <= 48.0.2 |
Related Weaknesses (CWE)
References
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.htmlVendor Advisory
- http://www.securityfocus.com/bid/93052
- http://www.securitytracker.com/id/1036852
- https://bugzilla.mozilla.org/show_bug.cgi?id=932335Issue Tracking
- https://security.gentoo.org/glsa/201701-15
- http://www.mozilla.org/security/announce/2016/mfsa2016-85.htmlVendor Advisory
- http://www.securityfocus.com/bid/93052
- http://www.securitytracker.com/id/1036852
- https://bugzilla.mozilla.org/show_bug.cgi?id=932335Issue Tracking
- https://security.gentoo.org/glsa/201701-15
FAQ
What is CVE-2016-5282?
CVE-2016-5282 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a ...
How severe is CVE-2016-5282?
CVE-2016-5282 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5282?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.