CVE-2020-15658 — Improper Check for Unusual or Exceptional Conditions in Mozilla Firefox
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 34.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedAug 10
Latest updateMay 24
Description
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages8 packages
Also affects: Ubuntu Linux 16.04, 18.04, 20.04
🔴Vulnerability Details
4GHSA▶
GHSA-5c48-vfr3-8jxq: The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an↗2022-05-24
CVEList▶
CVE-2020-15658: The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an↗2020-08-10
OSV▶
CVE-2020-15658: The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an↗2020-07-29
📋Vendor Advisories
6Debian▶
CVE-2020-15658: firefox - The code for downloading files did not properly take care of special characters,...↗2020