Lucene search

K
cvelistMozillaCVELIST:CVE-2020-6809
HistoryMar 25, 2020 - 9:13 p.m.

CVE-2020-6809

2020-03-2521:13:17
mozilla
www.cve.org
7
web extension
local files
fetch request
same-origin
firefox.

AI Score

7.5

Confidence

High

EPSS

0.002

Percentile

55.1%

When a Web Extension had the all-urls permission and made a fetch request with a mode set to ‘same-origin’, it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "74",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]