Medium severity4.3NVD Advisory· Published Aug 5, 2016· Updated May 6, 2026

CVE-2016-2830

Description

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve the network connection used for favicon resource retrieval after the associated browser window is closed, which makes it easier for remote web servers to track users by observing network traffic from multiple IP addresses.

Affected products

Mozilla Corporation/Firefox5 versions
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*range: <=47.0.1
- cpe:2.3:a:mozilla:firefox:45.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:45.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:45.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:45.3.0:*:*:*:*:*:*:*
osv-coords40 versions
pkg:rpm/suse/firefox-fontconfig&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS pkg:rpm/suse/MozillaFirefox-branding-SLED&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS pkg:rpm/suse/MozillaFirefox&distro=HPE%20Helion%20OpenStack%208 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%205 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Manager%202.1 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Manager%20Proxy%202.1 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%205 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%208 pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Package%20Hub%2012
< 2.11.0-4.2+ 39 more
- (no CPE)range: < 2.11.0-4.2
- (no CPE)range: < 45.0-20.38
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 45.3.0esr-78.1
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-48.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-78.1
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 45.3.0esr-78.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-78.1
- (no CPE)range: < 45.3.0esr-78.1
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-78.1
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 45.3.0esr-50.1
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 68.2.0-109.95.2
- (no CPE)range: < 4.12-25.2
- (no CPE)range: < 3.21.1-26.2
- (no CPE)range: < 45.3.0-9.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mozilla.org/security/announce/2016/mfsa2016-63.htmlnvdVendor Advisory
bugzilla.mozilla.org/show_bug.cginvdIssue TrackingPermissions Required
lists.opensuse.org/opensuse-security-announce/2016-08/msg00004.htmlnvd
lists.opensuse.org/opensuse-security-announce/2016-08/msg00029.htmlnvd
rhn.redhat.com/errata/RHSA-2016-1551.htmlnvd
www.debian.org/security/2016/dsa-3640nvd
www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlnvd
www.securityfocus.com/bid/92261nvd
www.securitytracker.com/id/1036508nvd
www.ubuntu.com/usn/USN-3044-1nvd
security.gentoo.org/glsa/201701-15nvd

News mentions

No linked articles in our index yet.

cvss	0.280
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000