Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-5131

Опубликовано: 14 мар. 2018
Источник: redhat
CVSS3: 6.1

Описание

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 6firefoxFixedRHSA-2018:052615.03.2018
Red Hat Enterprise Linux 7firefoxFixedRHSA-2018:052715.03.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-212
https://bugzilla.redhat.com/show_bug.cgi?id=1555131Mozilla: Fetch API improperly returns cached copies of no-store/no-cache resources (MFSA 2018-07)

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-5131

CVSS3: 5.9
ubuntu
около 7 лет назад

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

nvd логотип

CVE-2018-5131

CVSS3: 5.9
nvd
около 7 лет назад

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

debian логотип

CVE-2018-5131

CVSS3: 5.9
debian
около 7 лет назад

Under certain circumstances the "fetch()" API can return transient loc ...

github логотип

GHSA-hf84-87fj-v8xv

CVSS3: 5.9
github
около 3 лет назад

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

fstec логотип

BDU:2021-00378

CVSS3: 5.9
fstec
больше 7 лет назад

Уязвимость реализации функции fetch () интерфейса для получения ресурсов Fetch API браузеров Mozilla Firefox и Firefox-ESR, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

6.1 Medium

CVSS3