NuytsTech Security

CVE-2016-5260

by ·

Mozilla Firefox before 48.0 mishandles changes from ‘INPUT type="password"’ to ‘INPUT type="text"’ within a single Session Manager session, which might allow attackers to discover cleartext passwords by reading a session restoration file.

Date published : 2016-08-04

http://www.securityfocus.com/bid/92260

http://www.mozilla.org/security/announce/2016/mfsa2016-74.html

Tags: