Mozilla developer John Schoenick reported that CSS pseudo-classes can be used by web content to leak information on plugins that are installed but disabled. This can be used for information disclosure through a fingerprinting attack that lists all of the plugins installed by a user on a system, even when they are disabled. External Reference: https://www.mozilla.org/security/announce/2016/mfsa2016-60.html Acknowledgements: Name: the Mozilla project Upstream: John Schoenick Statement: This issue does not affect the version of firefox and thunderbird as shipped with Red Hat Enterprise Linux 5, 6 and 7.