Описание
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | firefox | Not affected | ||
| Red Hat Enterprise Linux 5 | thunderbird | Not affected | ||
| Red Hat Enterprise Linux 6 | firefox | Not affected | ||
| Red Hat Enterprise Linux 6 | thunderbird | Not affected | ||
| Red Hat Enterprise Linux 7 | firefox | Not affected | ||
| Red Hat Enterprise Linux 7 | thunderbird | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.6 Medium
CVSS3
5.1 Medium
CVSS2
Связанные уязвимости
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
Mozilla Firefox before 49.0 does not properly restrict the scheme in f ...
Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might allow remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by a jar: URL for a favicon resource.
EPSS
5.6 Medium
CVSS3
5.1 Medium
CVSS2