CVE-2020-15650: Files or Directories Accessible to External Parties in Mozilla Firefox ESR

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.2% (top 51.90%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Aug 10
Latest update: May 24

Description

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 68.11.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | mozilla/firefox_esr | unspecified | 68.11
NVD | mozilla/firefox_esr | < 68.11

🔴 Vulnerability Details (2)

GHSA
GHSA-7f7j-qhc3-4fvp: Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not acces | 2022-05-24
CVEList
CVE-2020-15650: Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not acces | 2020-08-10

📋 Vendor Advisories (3)

Red Hat
Mozilla: Overwriting local files through malicious file picker application | 2020-07-28
Debian
CVE-2020-15650: firefox - Given an installed malicious file picker application, an attacker was able to ov... | 2020
Mozilla
Mozilla Foundation Security Advisory 2020-31: CVE-2020-15650

💬 Community (1)

Bugzilla
CVE-2020-15650 Mozilla: Overwriting local files through malicious file picker application | 2020-08-20