{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1893?format=json","vulnerability_id":"VCID-wcam-fcv5-j7h4","summary":"Security researcher Toni Huttunen reported that once the favicon is\nrequested from a site, the remote server can keep the favicon network connection open even\nwhen the page is later closed. This allows a malicious site to continue to use this\nchannel to send requests to the browser, leading to potential information disclosure, such as tracking the user across multiple IP addresses as the user changes networks.","aliases":[{"alias":"CVE-2016-2830"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/898?format=json","purl":"pkg:mozilla/Firefox@48.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@48.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/899?format=json","purl":"pkg:mozilla/Firefox%20ESR@45.3.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@45.3.0"}],"affected_packages":[],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2830","reference_id":"CVE-2016-2830","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2830"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-63","reference_id":"mfsa2016-63","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-63"}],"weaknesses":[],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wcam-fcv5-j7h4"}