CVE-2018-5131

2018-03-1400:00:00

ubuntu.com

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

60.0%

JSON

Under certain circumstances the “fetch()” API can return transient local
copies of resources that were sent with a “no-store” or “no-cache” cache
header instead of downloading a copy from the network as it should. This
can result in previously stored, locally cached data of a website being
accessible to users if they share a common profile while browsing. This
vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

OSVersionArchitecturePackageVersionFilename
ubuntu17.10noarchfirefox< 59.0+build5-0ubuntu0.17.10.1UNKNOWN
ubuntu18.04noarchfirefox< 59.0.1+build1-0ubuntu1UNKNOWN
ubuntu14.04noarchfirefox< 59.0+build5-0ubuntu0.14.04.1UNKNOWN
ubuntu16.04noarchfirefox< 59.0+build5-0ubuntu0.16.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	17.10	noarch	firefox	< 59.0+build5-0ubuntu0.17.10.1	UNKNOWN
ubuntu	18.04	noarch	firefox	< 59.0.1+build1-0ubuntu1	UNKNOWN
ubuntu	14.04	noarch	firefox	< 59.0+build5-0ubuntu0.14.04.1	UNKNOWN
ubuntu	16.04	noarch	firefox	< 59.0+build5-0ubuntu0.16.04.1	UNKNOWN