CVE-2020-15664
published 2020-10-01CVE-2020-15664: By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would…
PriorityP430medium6.5CVSS 3.1
AVNACLPRNUIRSUCNIHAN
EPSS
1.38%
68.8th percentile
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | firefox | < firefox 80.0-1 (sid) | firefox 80.0-1 (sid) |
| debian | firefox-esr | < firefox 80.0-1 (sid) | firefox 80.0-1 (sid) |
| debian | thunderbird | < firefox 80.0-1 (sid) | firefox 80.0-1 (sid) |
| mozilla | firefox | < 80.0 | 80.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= 0 < 80.0+build2-0ubuntu0.16.04.1 | 80.0+build2-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 80.0.1+build1-0ubuntu0.16.04.1 | 80.0.1+build1-0ubuntu0.16.04.1 |
| mozilla | firefox | >= 0 < 80.0+build2-0ubuntu0.18.04.1 | 80.0+build2-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 80.0.1+build1-0ubuntu0.18.04.1 | 80.0.1+build1-0ubuntu0.18.04.1 |
| mozilla | firefox | >= 0 < 80.0+build2-0ubuntu0.20.04.1 | 80.0+build2-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 0 < 80.0.1+build1-0ubuntu0.20.04.1 | 80.0.1+build1-0ubuntu0.20.04.1 |
| mozilla | firefox | >= 78.0 < 78.2 | 78.2 |
| mozilla | firefox | >= unspecified < 80 | 80 |
| mozilla | firefox_esr | < 68.12 | 68.12 |
| mozilla | firefox_esr | >= unspecified < 68.12 | 68.12 |
| mozilla | firefox_esr | >= unspecified < 78.2 | 78.2 |
| mozilla | firefox_for_android | >= unspecified < 80 | 80 |
| mozilla | thunderbird | < 68.12 | 68.12 |
| mozilla | thunderbird | >= 0 < 1:68.12.0-1 | 1:68.12.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.12.0-1 | 1:68.12.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.12.0-1 | 1:68.12.0-1 |
| mozilla | thunderbird | >= 0 < 1:68.12.0-1 | 1:68.12.0-1 |
| mozilla | thunderbird | >= 78.0 < 78.2 | 78.2 |
| mozilla | thunderbird | >= unspecified < 78.2 | 78.2 |
| mozilla | thunderbird | >= unspecified < 68.12 | 68.12 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv6.5MEDIUM
vendor_debian6.5MEDIUM
vendor_redhat6.5MEDIUM
vendor_ubuntu4.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Firefox regressions
vendor_ubuntu·2020-09-03·CVSS 4.7
[MEDIUM] Firefox regressions
Title: Firefox regressions
Summary: USN-4474-1 caused some minor regressions in Firefox.
USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various
minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, trick the user
in to installing a malicious extension, spoof the URL bar, leak sensitive
information between origins, or execute arbitrary code. (CVE-2020-15664,
CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)
It was discovered that NSS incorrectly handled certain signatures.
An attacker could possibly use this issue to ex
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2020-08-26·CVSS 4.7
CVE-2020-15666 [MEDIUM] Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, trick the user
in to installing a malicious extension, spoof the URL bar, leak sensitive
information between origins, or execute arbitrary code. (CVE-2020-15664,
CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)
It was discovered that NSS incorrectly handled certain signatures.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)
A data race was discovered when importing certificate information in
Red Hat
Mozilla: Attacker-induced prompt for extension installation
vendor_redhat·2020-08-25·CVSS 6.5
CVE-2020-15664 [MEDIUM] CWE-648 Mozilla: Attacker-induced prompt for extension installation
Mozilla: Attacker-induced prompt for extension installation
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80.
Package: firefox (Red Hat Enterprise Linux 5) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 5) - Out of support scope
Debian
CVE-2020-15664: firefox - By holding a reference to the eval() function from an about:blank window, a mali...
vendor_debian·2020·CVSS 6.5
CVE-2020-15664 [MEDIUM] CVE-2020-15664: firefox - By holding a reference to the eval() function from an about:blank window, a mali...
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80.
Scope: local
sid: resolved (fixed in 80.0-1)
Mozilla
Mozilla Foundation Security Advisory 2020-38: CVE-2020-15664
vendor_mozilla·CVSS 6.5
CVE-2020-15664 [MEDIUM] Mozilla Foundation Security Advisory 2020-38: CVE-2020-15664
Mozilla Foundation Security Advisory 2020-38
CVE: CVE-2020-15664
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 78.2
Mozilla
Mozilla Foundation Security Advisory 2020-36: CVE-2020-15664
vendor_mozilla·CVSS 6.5
CVE-2020-15664 [MEDIUM] Mozilla Foundation Security Advisory 2020-36: CVE-2020-15664
Mozilla Foundation Security Advisory 2020-36
CVE: CVE-2020-15664
Product: Firefox
Impact: high
Fixed in: Firefox 80
Mozilla
Mozilla Foundation Security Advisory 2020-39: CVE-2020-15664
vendor_mozilla·CVSS 6.5
CVE-2020-15664 [MEDIUM] Mozilla Foundation Security Advisory 2020-39: CVE-2020-15664
Mozilla Foundation Security Advisory 2020-39
CVE: CVE-2020-15664
Product: Firefox for Android
Impact: high
Fixed in: Firefox for Android 80
Mozilla
Mozilla Foundation Security Advisory 2020-37: CVE-2020-15664
vendor_mozilla·CVSS 6.5
CVE-2020-15664 [MEDIUM] Mozilla Foundation Security Advisory 2020-37: CVE-2020-15664
Mozilla Foundation Security Advisory 2020-37
CVE: CVE-2020-15664
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 68.12
Mozilla
Mozilla Foundation Security Advisory 2020-41: CVE-2020-15664
vendor_mozilla·CVSS 6.5
CVE-2020-15664 [MEDIUM] Mozilla Foundation Security Advisory 2020-41: CVE-2020-15664
Mozilla Foundation Security Advisory 2020-41
CVE: CVE-2020-15664
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 78.2
Mozilla
Mozilla Foundation Security Advisory 2020-40: CVE-2020-15664
vendor_mozilla·CVSS 6.5
CVE-2020-15664 [MEDIUM] Mozilla Foundation Security Advisory 2020-40: CVE-2020-15664
Mozilla Foundation Security Advisory 2020-40
CVE: CVE-2020-15664
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 68.12
GHSA
GHSA-f4gc-pc7j-rfxr: By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object wh
ghsa_unreviewed·2022-05-24
CVE-2020-15664 [MEDIUM] CWE-863 GHSA-f4gc-pc7j-rfxr: By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object wh
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80.
OSV
CVE-2020-15664: By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object wh
osv·2020-10-01·CVSS 6.5
CVE-2020-15664 [MEDIUM] CVE-2020-15664: By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object wh
By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80.
OSV
firefox regressions
osv·2020-09-03·CVSS 4.7
[MEDIUM] firefox regressions
firefox regressions
USN-4474-1 fixed vulnerabilities in Firefox. The update introduced various
minor regressions. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, trick the user
in to installing a malicious extension, spoof the URL bar, leak sensitive
information between origins, or execute arbitrary code. (CVE-2020-15664,
CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)
It was discovered that NSS incorrectly handled certain signatures.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-12400, CVE-2020-12401, CVE-2020-
OSV
firefox vulnerabilities
osv·2020-08-26·CVSS 4.7
CVE-2020-15664 [MEDIUM] firefox vulnerabilities
firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, trick the user
in to installing a malicious extension, spoof the URL bar, leak sensitive
information between origins, or execute arbitrary code. (CVE-2020-15664,
CVE-2020-15665, CVE-2020-15666, CVE-2020-15670)
It was discovered that NSS incorrectly handled certain signatures.
An attacker could possibly use this issue to expose sensitive information.
(CVE-2020-12400, CVE-2020-12401, CVE-2020-6829)
A data race was discovered when importing certificate information in to
the trust store. An attacker could potentially exploit this to cause an
unspecified impact. (CVE-2020-15668)
No detection rules found.
No public exploits indexed.
https://bugzilla.mozilla.org/show_bug.cgi?id=1658214https://www.mozilla.org/security/advisories/mfsa2020-36/https://www.mozilla.org/security/advisories/mfsa2020-37/https://www.mozilla.org/security/advisories/mfsa2020-38/https://www.mozilla.org/security/advisories/mfsa2020-39/https://www.mozilla.org/security/advisories/mfsa2020-40/https://www.mozilla.org/security/advisories/mfsa2020-41/https://bugzilla.mozilla.org/show_bug.cgi?id=1658214https://www.mozilla.org/security/advisories/mfsa2020-36/https://www.mozilla.org/security/advisories/mfsa2020-37/https://www.mozilla.org/security/advisories/mfsa2020-38/https://www.mozilla.org/security/advisories/mfsa2020-39/https://www.mozilla.org/security/advisories/mfsa2020-40/https://www.mozilla.org/security/advisories/mfsa2020-41/
2020-10-01
Published