CVE-2020-15652 — Origin Validation Error in Mozilla Firefox
CWE-346 — Origin Validation ErrorCWE-209 — Information Exposure via Error Message14 documents9 sources
Severity
6.5MEDIUMNVD
EPSS
1.1%
top 22.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 10
Latest updateMay 24
Description
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages8 packages
Also affects: Ubuntu Linux 16.04, 18.04, 20.04
🔴Vulnerability Details
4GHSA▶
GHSA-2wfj-m7vx-f7mf: By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect↗2022-05-24
OSV▶
CVE-2020-15652: By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect↗2020-08-10
CVEList▶
CVE-2020-15652: By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect↗2020-08-10
📋Vendor Advisories
8Debian▶
CVE-2020-15652: firefox - By observing the stack trace for JavaScript errors in web workers, it was possib...↗2020
💬Community
1Bugzilla▶
CVE-2020-15652 Mozilla: Potential leak of redirect targets when loading scripts in a worker↗2020-07-29