CVE-2020-15654 — Infinite Loop in Mozilla Firefox
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 34.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 10
Latest updateMay 24
Description
When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages8 packages
Also affects: Ubuntu Linux 16.04, 18.04, 20.04
🔴Vulnerability Details
5GHSA▶
GHSA-8j7j-8w2r-72pq: When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when↗2022-05-24
CVEList▶
CVE-2020-15654: When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when↗2020-08-10
OSV▶
CVE-2020-15654: When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when↗2020-07-29
📋Vendor Advisories
6Debian▶
CVE-2020-15654: firefox - When in an endless loop, a website specifying a custom cursor using CSS could ma...↗2020