CVE-2016-9071

Source
Severity Low
Remote Yes
Type Information disclosure
Description
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history.
Group Package Affected Fixed Severity Status Ticket
AVG-72 firefox 49.0.2-1 50.0-1 Critical Fixed
Date Advisory Group Package Severity Description
16 Nov 2016 ASA-201611-16 AVG-72 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2016-89/#CVE-2016-9071