CVE-2020-26966: Sensitive Information Exposure in Mozilla Firefox

Severity
6.5 MEDIUM (NVD)
EPSS
0.4%
top 36.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 9
Latest update: May 24

Description

Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string, resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (6 packages)

CVEListV5: mozilla/firefox < 83
NVD: mozilla/firefox < 83.0
CVEListV5: mozilla/firefox_esr < 78.5
CVEListV5: mozilla/thunderbird < 78.5

🔴 Vulnerability Details (3)
GHSA
GHSA-c627-2gcf-x56f: Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that st (2022-05-24)
CVEList
CVE-2020-26966: Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that st (2020-12-09)
OSV
CVE-2020-26966: Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that st (2020-12-09)

📋 Vendor Advisories (5)
Red Hat
Mozilla: Single-word search queries were also broadcast to local network (2020-11-17)
Debian
CVE-2020-26966: firefox - Searching for a single word from the address bar caused an mDNS request to be se... (2020)
Mozilla
Mozilla Foundation Security Advisory 2020-51: CVE-2020-26966
Mozilla
Mozilla Foundation Security Advisory 2020-50: CVE-2020-26966
Mozilla
Mozilla Foundation Security Advisory 2020-52: CVE-2020-26966
CVE-2020-26966 — Sensitive Information Exposure | cvebase