Information disclosure in Mozilla Firefox - CVE-2018-12400
Published: October 24, 2018
Vulnerability identifier: #VU15499
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-12400
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox
Mozilla Firefox
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in private browsing mode on Firefox for Android due to favicons are cached in the
The weakness exists in private browsing mode on Firefox for Android due to favicons are cached in the
cache/icons folder as they are in non-private mode. A remote attacker can trick the victim into visiting a specially crafted website and gain access to arbitrary data during private browsing sessions.How to mitigate CVE-2018-12400
Update to version 63.0.