6.5

CVE-2020-15682

EPSS 0.13%
Veröffentlicht 22.10.2020 21:15:13
Zuletzt bearbeitet 21.11.2024 05:06:00
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 82.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.296

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://www.mozilla.org/security/advisories/mfsa2020-45/

Vendor Advisory

Release Notes

https://bugzilla.mozilla.org/show_bug.cgi?id=1636654

Vendor Advisory

Issue Tracking

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2020-15682

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15682

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15682

EUVD