Mozilla Firefox CVE-2016-2830 Information Disclosure Vulnerability
Description
Security researcher Toni Huttunen reported that once the favicon is requested from a site, the remote server can keep the favicon network connection open even when the page is later closed. This allows a malicious site to continue to use this channel to send requests to the browser, leading to potential information disclosure, such as tracking the user across multiple IP addresses as the user changes networks.
Affected Applications
Firefox
Firefox ESR