CVE-2016-2830

Description

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.

Risk Information

Base Score

4.3

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

EPSS Score

Exploitation Probability

0.555

Associated Vulnerability

Vulnerability	OS Platform
Update for Mozilla Firefox (48.0)	Windows
Update for Mozilla Firefox x64 (48.0)	Windows
Update for Mozilla Firefox ESR (45.3.0)	Windows
Update for Mozilla Firefox (48.0.1)	Windows
Update for Mozilla Firefox x64 (48.0.1)	Windows
Update for Mozilla Firefox (48.0.2)	Windows
Update for Mozilla Firefox x64 (48.0.2)	Windows
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (48.0)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (48.0.1)	Mac
Multiple vulnerabilities are fixed in Update for Mozilla Firefox For Mac (48.0.2)	Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 45.1.1	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 45.1.1	Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 45.1.0	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 45.1.0	Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 45.2.0	Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 45.3.0	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 45.2.0	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 45.3.0	Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 47.0.1	Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 45.3	Mac
Mozilla Open Source web browser (USN-3044-1) firefox_48.0+build2-0ubuntu0.12.04.1_i386.deb	Linux
Mozilla Open Source web browser (USN-3044-1) firefox_48.0+build2-0ubuntu0.12.04.1_amd64.deb	Linux
Mozilla Open Source web browser (USN-3044-1) firefox_48.0+build2-0ubuntu0.14.04.1_i386.deb	Linux
Mozilla Open Source web browser (USN-3044-1) firefox_48.0+build2-0ubuntu0.14.04.1_amd64.deb	Linux
Mozilla Open Source web browser (USN-3044-1) firefox_48.0+build2-0ubuntu0.16.04.1_i386.deb	Linux
Mozilla Open Source web browser (USN-3044-1) firefox_48.0+build2-0ubuntu0.16.04.1_amd64.deb	Linux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-68.2.0-109.95.2.x86_64.rpm	Linux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debuginfo-68.2.0-109.95.2.x86_64.rpm	Linux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debugsource-68.2.0-109.95.2.x86_64.rpm	Linux
SUSE-SU-2019:2872-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-translations-common-68.2.0-109.95.2.x86_64.rpm	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-302216	Update for Mozilla Firefox x64 (48.0)
PATCH-302298	Update for Mozilla Firefox ESR (45.3.0)
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304013	Update for Mozilla Firefox x64 (48.0.1)
PATCH-344482	Mozilla Firefox (134.0.1)
PATCH-304032	Update for Mozilla Firefox x64 (48.0.2)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-607000	Mozilla Firefox For Mac (124.0)
PATCH-611808	Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611808	Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611808	Mozilla Firefox ESR for MAC 128.14.0
PATCH-611808	Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-611870	Mozilla Firefox For Mac (142.0.1)
PATCH-612783	Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234