CVE-2018-5131

Summary

Under certain circumstances the "fetch()" API can return transient local copies of resources that were sent with a "no-store" or "no-cache" cache header instead of downloading a copy from the network as it should. This can result in previously stored, locally cached data of a website being accessible to users if they share a common profile while browsing. This vulnerability affects Firefox ESR < 52.7 and Firefox < 59.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 52.7affected
MozillaFirefoxunspecified < 59affected

Weaknesses

  • Fetch API improperly returns cached copies of no-store/no-cache resources

ADP Enrichment

CVE Program Container

Additional References

References