CVE-2020-26978Sensitive Information Exposure in Mozilla Firefox

CWE-200Sensitive Information Exposure12 documents8 sources
Severity
6.1MEDIUMNVD
OSV6.5
EPSS
0.4%
top 37.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird
Timeline
PublishedJan 7
Latest updateMay 24

Description

Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages8 packages

CVEListV5mozilla/firefoxunspecified84
NVDmozilla/firefox< 84.0
CVEListV5mozilla/firefox_esrunspecified78.6
NVDmozilla/firefox_esr< 78.6.0
Ubuntumozilla/firefox< 84.0+build3-0ubuntu0.16.04.1+2

🔴Vulnerability Details

4
GHSA
GHSA-v298-98c4-32g7: Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services ru2022-05-24
OSV
CVE-2020-26978: Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services ru2021-01-07
CVEList
CVE-2020-26978: Using techniques that built on the slipstream research, a malicious webpage could have exposed both an internal network's hosts as well as services ru2021-01-07
OSV
firefox vulnerabilities2020-12-15

📋Vendor Advisories

7
Ubuntu
Thunderbird vulnerabilities2021-01-20
Red Hat
Mozilla: Internal network hosts could have been probed by a malicious webpage2020-12-15
Ubuntu
Firefox vulnerabilities2020-12-15
Debian
CVE-2020-26978: firefox - Using techniques that built on the slipstream research, a malicious webpage coul...2020
Mozilla
Mozilla Foundation Security Advisory 2020-56: CVE-2020-26978
CVE-2020-26978 — Sensitive Information Exposure | cvebase