CVE-2020-15655 — Inclusion of Functionality from Untrusted Control Sphere in Mozilla Firefox
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 54.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 10
Latest updateMay 24
Description
A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages9 packages
Also affects: Ubuntu Linux 16.04, 18.04, 20.04
🔴Vulnerability Details
4GHSA▶
GHSA-xjqq-782m-q873: A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of↗2022-05-24
CVEList▶
CVE-2020-15655: A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of↗2020-08-10
OSV▶
CVE-2020-15655: A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of↗2020-07-29
📋Vendor Advisories
6Debian▶
CVE-2020-15655: firefox - A redirected HTTP request which is observed or modified through a web extension ...↗2020
💬Community
1Bugzilla
▶