#VU15499 Information disclosure in Mozilla Firefox - CVE-2018-12400
Published: October 24, 2018
Vulnerability identifier: #VU15499
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-12400
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Mozilla Firefox
Mozilla Firefox
Software vendor:
Mozilla
Mozilla
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists in private browsing mode on Firefox for Android due to favicons are cached in the
The weakness exists in private browsing mode on Firefox for Android due to favicons are cached in the
cache/icons folder as they are in non-private mode. A remote attacker can trick the victim into visiting a specially crafted website and gain access to arbitrary data during private browsing sessions.Remediation
Update to version 63.0.