UBUNTU-CVE-2016-5250

Details

Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.

Affected Packages

firefox

Ubuntu 14.04 LTS

Fixed in:

48.0+build2-0ubuntu0.14.04.1

thunderbird

Ubuntu 14.04 LTS

Fixed in:

1:45.4.0+build1-0ubuntu0.14.04.1

firefox

Ubuntu 16.04 LTS

Fixed in:

48.0+build2-0ubuntu0.16.04.1

thunderbird

Ubuntu 16.04 LTS

Fixed in:

1:45.4.0+build1-0ubuntu0.16.04.1

References

REPORT

https://bugzilla.mozilla.org/show_bug.cgi?id=1254688

REPORT

https://ubuntu.com/security/CVE-2016-5250

ADVISORY

https://ubuntu.com/security/notices/USN-3044-1

ADVISORY

https://ubuntu.com/security/notices/USN-3112-1

REPORT

https://www.cve.org/CVERecord?id=CVE-2016-5250

REPORT

https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/