CVE-2020-26967 — Mozilla Firefox vulnerability

7 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 48.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedDec 9

Latest updateMay 24

Description

When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/firefox< firefox 83.0-1 (sid)

▶CVEListV5mozilla/firefox< 83

▶NVDmozilla/firefox< 83.0

▶Ubuntumozilla/firefox< 83.0+build2-0ubuntu0.16.04.3+2

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-g4xj-2594-cc4j: When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other↗2022-05-24

▶

OSV

CVE-2020-26967: When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other↗2020-11-17

▶

📋Vendor Advisories

Ubuntu

Firefox vulnerabilities↗2020-11-19

▶

Ubuntu

Firefox vulnerabilities↗2020-11-18

▶

Debian

CVE-2020-26967: firefox - When listening for page changes with a Mutation Observer, a malicious web page c...↗2020

▶

Mozilla

Mozilla Foundation Security Advisory 2020-50: CVE-2020-26967↗

▶