CVE-2020-12424 — Incorrect Default Permissions in Mozilla Firefox
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 63.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJul 9
Latest updateMay 24
Description
When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages5 packages
🔴Vulnerability Details
4GHSA▶
GHSA-2cqw-c249-qrpc: When constructing a permission prompt for WebRTC, a URI was supplied from the content process↗2022-05-24
CVEList▶
CVE-2020-12424: When constructing a permission prompt for WebRTC, a URI was supplied from the content process↗2020-07-09
OSV▶
CVE-2020-12424: When constructing a permission prompt for WebRTC, a URI was supplied from the content process↗2020-07-01
📋Vendor Advisories
5💬Community
1Bugzilla▶
CVE-2020-12424 Mozilla: WebRTC permission prompt could have been bypassed by a compromised content process↗2020-08-26