CVE-2018-5131

CVE Details

Release Date:2018-06-11

Description


Under certain circumstances the fetch() API can return transientlocal copies of resources that were sent with a no-store or no-cache cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

See more information about CVE-2018-5131 from MITRE CVE dictionary and NIST NVD


CVSS v2.0 metrics


NOTE: The following CVSS v2.0 metrics and score provided are preliminary and subject to review.

Base Score: 4.3 Base Metrics: AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector: Network Attack Complexity: Medium
Authentication: None required Confidentiality Impact: Partial
Integrity Impact: None Availability Impact: None

Errata information


PlatformErrataRelease Date
Oracle Linux version 6 (firefox)ELSA-2018-05262018-03-15
Oracle Linux version 7 (firefox)ELSA-2018-05272018-03-15



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete