CVE-2020-15665: User Interface (UI) Misrepresentation of Critical Information in Mozilla Firefox

Severity
4.3 MEDIUM (NVD)
OSV: 4.7
EPSS: 0.2% (top 59.72%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 1
Latest update: May 24

Description

Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (5 packages)

Source | Package | Affected versions
debian | debian/firefox | < firefox 80.0-1 (sid)
CVEListV5 | mozilla/firefox | unspecified 80
NVD | mozilla/firefox | < 80.0
Ubuntu | mozilla/firefox | < 80.0+build2-0ubuntu0.16.04.1+5
mozilla | mozilla/firefox |

🔴 Vulnerability Details (4)

GHSA | GHSA-24p6-rvcm-7q74: Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page | 2022-05-24
OSV | firefox regressions | 2020-09-03
OSV | CVE-2020-15665: Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page | 2020-08-26
OSV | firefox vulnerabilities | 2020-08-26

📋 Vendor Advisories (5)

Red Hat | firefox: Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown | 2020-10-05
Ubuntu | Firefox regressions | 2020-09-03
Ubuntu | Firefox vulnerabilities | 2020-08-26
Debian | CVE-2020-15665: firefox - Firefox did not reset the address bar after the beforeunload dialog was shown if... | 2020
Mozilla | Mozilla Foundation Security Advisory 2020-36: CVE-2020-15665

💬 Community (1)

Bugzilla | CVE-2020-15665 firefox: Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown | 2020-10-05