CVE-2020-26967

EPSS 0.28%
Veröffentlicht 09.12.2020 01:15:13
Zuletzt bearbeitet 21.11.2024 05:20:35
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 83.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.488

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

https://www.mozilla.org/security/advisories/mfsa2020-50/

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1665820

Vendor Advisory

Issue Tracking

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2020-26967

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-26967

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-26967

EUVD