6.5

CVE-2020-15652

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MozillaFirefox Version < 79.0
MozillaFirefox Version >= 78.0 < 78.1
MozillaFirefox ESR Version < 68.11
MozillaThunderbird Version < 68.11
MozillaThunderbird Version >= 78.0 < 78.1
CanonicalUbuntu Linux Version16.04 SwEditionesm
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version20.04 SwEditionlts
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.26% 0.658
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html
Broken Link
https://usn.ubuntu.com/4443-1/
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2020-31/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1634872
Vendor Advisory
Issue Tracking
https://www.mozilla.org/security/advisories/mfsa2020-30/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-32/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-33/
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-35/
Vendor Advisory