CVE-2016-5250

Published: Aug 5, 2016Modified: May 6, 2026

4.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.

Affected (1)

Products: Mozilla: Firefox

Mozilla

1 product

Firefox

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 47.0.1

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (26)

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html

Source: security@mozilla.org

http://rhn.redhat.com/errata/RHSA-2016-1912.html

Source: security@mozilla.org

http://www.debian.org/security/2016/dsa-3674

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2016/mfsa2016-84.html

Source: security@mozilla.org

Vendor Advisory

http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html

Source: security@mozilla.org

http://www.securityfocus.com/bid/92260

Source: security@mozilla.org

http://www.securitytracker.com/id/1036508

Source: security@mozilla.org

http://www.ubuntu.com/usn/USN-3044-1

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=1254688

Source: security@mozilla.org

Issue TrackingPermissions Required

https://security.gentoo.org/glsa/201701-15

Source: security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2016-86/

Source: security@mozilla.org

https://www.mozilla.org/security/advisories/mfsa2016-88/

Source: security@mozilla.org

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html