6.5

CVE-2020-15682

EPSS 0.13%
Published 22.10.2020 21:15:13
Last modified 21.11.2024 05:06:00
Source security@mozilla.org
Teams watchlist Login
Open Login

When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 82.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.296

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

https://www.mozilla.org/security/advisories/mfsa2020-45/

Vendor Advisory

Release Notes

https://bugzilla.mozilla.org/show_bug.cgi?id=1636654

Vendor Advisory

Issue Tracking

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2020-15682

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-15682

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-15682

EUVD