CVE-2016-2830
firefox-esr - security update
CVSS 3.1: 4.3 (MEDIUM)
EPSS: 0.56%
Description
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.
How to fix CVE-2016-2830
To remediate CVE-2016-2830, upgrade the affected package to a fixed version below.
- Upgrade to 45.3.0esr-1 or later
- Upgrade to 45.3.0esr-1~deb7u1 or later
- Upgrade to 45.3.0esr-1~deb8u1 or later
Is CVE-2016-2830 being exploited?
Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 45.3.0esr-1
- from 0, < 45.3.0esr-1~deb7u1
- from 0, < 45.3.0esr-1~deb8u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |