CVE-2016-5282

Published: Sep 22, 2016Modified: May 6, 2026

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.

Affected (1)

Products: Mozilla: Firefox

Mozilla

1 product

Firefox

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mozilla Firefox	Up to 48.0.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://www.mozilla.org/security/announce/2016/mfsa2016-85.html

Source: security@mozilla.org

Vendor Advisory

http://www.securityfocus.com/bid/93052

Source: security@mozilla.org

http://www.securitytracker.com/id/1036852

Source: security@mozilla.org

https://bugzilla.mozilla.org/show_bug.cgi?id=932335

Source: security@mozilla.org

Issue Tracking

https://security.gentoo.org/glsa/201701-15

Source: security@mozilla.org

http://www.mozilla.org/security/announce/2016/mfsa2016-85.html