mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
169 lines
5.3 KiB
JSON
169 lines
5.3 KiB
JSON
{
|
|
"id": "CVE-2016-2830",
|
|
"sourceIdentifier": "security@mozilla.org",
|
|
"published": "2016-08-05T01:59:00.140",
|
|
"lastModified": "2017-08-16T01:29:06.337",
|
|
"vulnStatus": "Modified",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Mozilla Firefox en versiones anteriores a 48.0 y Firefox ESR 45.x en versiones anteriores a 45.3 conserva la conexi\u00f3n de red usada para la recuperaci\u00f3n de recursos favicon despu\u00e9s de que la ventana del navegador asociado se cierre, lo que facilita a servidores web remotos rastrear usuarios mediante la observaci\u00f3n de tr\u00e1fico de red desde m\u00faltiples direcciones IP."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV30": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.0",
|
|
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "REQUIRED",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 2.8,
|
|
"impactScore": 1.4
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "PARTIAL",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.3
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-200"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
|
|
"versionEndIncluding": "47.0.1",
|
|
"matchCriteriaId": "1456CC69-6E37-4C75-8D9A-172ED8A571EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:firefox_esr:45.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B877383B-F7B3-433F-B7B0-2B1C731504F2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:firefox_esr:45.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "4F18C6F4-5C04-4E4B-A2CC-29C5338F0CD1"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:firefox_esr:45.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BD9B460C-3328-44DC-AA80-EDE2E46AF787"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:mozilla:firefox_esr:45.3.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "BD5D9DC4-4D18-4491-BE90-CAE21CA1AA96"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.html",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.html",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "http://rhn.redhat.com/errata/RHSA-2016-1551.html",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "http://www.debian.org/security/2016/dsa-3640",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-63.html",
|
|
"source": "security@mozilla.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "http://www.securityfocus.com/bid/92261",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "http://www.securitytracker.com/id/1036508",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "http://www.ubuntu.com/usn/USN-3044-1",
|
|
"source": "security@mozilla.org"
|
|
},
|
|
{
|
|
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1255270",
|
|
"source": "security@mozilla.org",
|
|
"tags": [
|
|
"Issue Tracking",
|
|
"Permissions Required"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://security.gentoo.org/glsa/201701-15",
|
|
"source": "security@mozilla.org"
|
|
}
|
|
]
|
|
} |