| Snyk

Threat Intelligence

0.79% (82^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-CENTOS6-FIREFOX-2135840
published26 Jul 2021
disclosed20 Sept 2016

Report a new vulnerability Found a mistake?

Introduced: 20 Sep 2016

CVE-2016-5250 (opens in a new tab) CWE-200 (opens in a new tab)

How to fix?

Upgrade Centos:6 firefox to version 0:45.4.0-1.el6_8 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream firefox package and not the firefox package as distributed by Centos. See How to fix? for Centos:6 relevant fixed versions and status.

Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.

References

http://www.securityfocus.com/bid/92260
https://bugzilla.mozilla.org/show_bug.cgi?id=1254688
https://www.mozilla.org/security/advisories/mfsa2016-86/
https://www.mozilla.org/security/advisories/mfsa2016-88/
http://www.mozilla.org/security/announce/2016/mfsa2016-84.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html
https://access.redhat.com/security/cve/CVE-2016-5250
http://www.debian.org/security/2016/dsa-3674
https://security.gentoo.org/glsa/201701-15
http://rhn.redhat.com/errata/RHSA-2016-1912.html
https://access.redhat.com/errata/RHSA-2016:1912
http://www.securitytracker.com/id/1036508
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html
http://www.ubuntu.com/usn/USN-3044-1

Information Exposure Affecting firefox package, versions <0:45.4.0-1.el6_8

Severity