cbcvebase.
CVE-2020-15653
published 2020-08-10

CVE-2020-15653: An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying…

PriorityP430medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
EPSS
1.21%
64.7th percentile
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

Affected

17 ranges
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debianfirefox< firefox 79.0-1 (sid)firefox 79.0-1 (sid)
debianthunderbird< firefox 79.0-1 (sid)firefox 79.0-1 (sid)
mozillafirefox< 79.079.0
mozillafirefox
mozillafirefox>= 0 < 79.0+build1-0ubuntu0.16.04.279.0+build1-0ubuntu0.16.04.2
mozillafirefox>= 0 < 79.0+build1-0ubuntu0.18.04.179.0+build1-0ubuntu0.18.04.1
mozillafirefox>= 0 < 79.0+build1-0ubuntu0.20.04.179.0+build1-0ubuntu0.20.04.1
mozillafirefox>= unspecified < 7979
mozillafirefox_esr< 78.178.1
mozillafirefox_esr>= unspecified < 78.178.1
mozillathunderbird< 78.178.1
mozillathunderbird>= 0 < 1:78.8.1+build1-0ubuntu0.18.04.11:78.8.1+build1-0ubuntu0.18.04.1
mozillathunderbird>= 0 < 1:78.7.1+build1-0ubuntu0.20.04.11:78.7.1+build1-0ubuntu0.20.04.1
mozillathunderbird>= unspecified < 78.178.1

CVSS provenance

nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv6.5MEDIUM
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
vendor_ubuntu6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.