CVE-2020-12415 — Incorrect Default Permissions in Mozilla Firefox
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 42.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 9
Latest updateMay 24
Description
When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages5 packages
🔴Vulnerability Details
4GHSA▶
GHSA-xp2p-6mv7-gcrx: When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory↗2022-05-24
CVEList▶
CVE-2020-12415: When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory↗2020-07-09
OSV▶
CVE-2020-12415: When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory↗2020-07-01
📋Vendor Advisories
9💬Community
1Bugzilla▶
CVE-2020-12415 Mozilla: AppCache manifest poisoning due to url encoded character processing↗2020-09-03