Security researcher Toni Huttunen reported that once the favicon is requested from a site, the favicon network connection will persist even when the page is later closed. This allows a malicious site to continue to use this channel to send requests to the browser, leading to potential information disclosure, such as the IP address of the user. External Reference: https://www.mozilla.org/security/announce/2016/mfsa2016-63.html Acknowledgements: Name: the Mozilla project Upstream: Toni Huttunen
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Via RHSA-2016:1551 https://rhn.redhat.com/errata/RHSA-2016-1551.html