CVE-2020-12412
published 2020-07-09CVE-2020-12412: By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port…
PriorityP418medium4.3CVSS 3.1
AVNACLPRNUIRSUCNILAN
EPSS
0.78%
51.4th percentile
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 70.0-1 (sid) | firefox 70.0-1 (sid) |
| mozilla | firefox | < 70.0 | 70.0 |
| mozilla | firefox | >= 0 < 70.0+build2-0ubuntu0.16.04.1 | 70.0+build2-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 70.0+build2-0ubuntu0.18.04.1 | 70.0+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 70.0+build2-0ubuntu1 | 70.0+build2-0ubuntu1 |
| mozilla | firefox | >= unspecified < 70 | 70 |
CVSS provenance
nvdv3.14.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x2m9-q3vv-hr85: By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocke
ghsa_unreviewed·2022-05-24
CVE-2020-12412 [MEDIUM] GHSA-x2m9-q3vv-hr85: By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocke
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70.
OSV
CVE-2020-12412: By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocke
osv·2020-07-09·CVSS 4.3
CVE-2020-12412 [MEDIUM] CVE-2020-12412: By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocke
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70.
Red Hat
firefox: address bar spoof using history navigation and blocked ports
vendor_redhat·2020-07-09·CVSS 4.3
CVE-2020-12412 [MEDIUM] CWE-601 firefox: address bar spoof using history navigation and blocked ports
firefox: address bar spoof using history navigation and blocked ports
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70.
Statement: This vulnerability was reported in Firefox 70 mainline; ESR versions were not affected.
Package: firefox (Red Hat Enterprise Linux 5) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 5) - Not affected
Package: firefox (Red Hat Enterprise Linux 6) - Not affected
Package: thunderbird (Red Hat Enterprise Linux 6) - Not affected
Package: firefox (Red Hat Enterprise Linux 7) - Not affected
Package: thunderbird (Red Hat
Debian
CVE-2020-12412: firefox - By navigating a tab using the history API, an attacker could cause the address b...
vendor_debian·2020·CVSS 4.3
CVE-2020-12412 [MEDIUM] CVE-2020-12412: firefox - By navigating a tab using the history API, an attacker could cause the address b...
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70.
Scope: local
sid: resolved (fixed in 70.0-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-12412 firefox: address bar spoof using history navigation and blocked ports
bugzilla·2020-07-10·CVSS 4.3
CVE-2020-12412 [MEDIUM] CVE-2020-12412 firefox: address bar spoof using history navigation and blocked ports
CVE-2020-12412 firefox: address bar spoof using history navigation and blocked ports
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70.
References:
https://www.mozilla.org/security/advisories/mfsa2019-34/
Discussion:
Statement:
This vulnerability was reported in Firefox 70 mainline; ESR versions were not affected.
---
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-12412
Bugzilla
Address bar spoof using history navigation and blocked ports
bugzilla·2019-02-17
[MEDIUM] Address bar spoof using history navigation and blocked ports
Address bar spoof using history navigation and blocked ports
Created attachment 9044466
mozilla-firefox.zip
Address Bar Spoofing security issue was tested against newest version of Mozilla Firefox. Both Linux and Windows version were behaving the same way which means both of them are vulnerable. I have tested it on 64bit Operating Systems(Ubuntu 16.04 and Windows 7). Client itself was 64bit as well. I have attached zip file containing report with the vulnerability details including poc code and short mp4 video. Please contact me via: [email protected]. Regards
Discussion:
Description:
> 1) Victim opens attacker website
> 2) Attacker website opens restricted address such as https://google.com:1
> in a new tab
> 3) Attacker website opens another attacker resource such as
> attacker.com/t
2020-07-09
Published