Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

CPENameOperatorVersion
firefoxlt83.0
firefox_esrlt78.5
thunderbirdlt78.5

Name	Operator	Version
firefox	lt	83.0
firefox_esr	lt	78.5
thunderbird	lt	78.5

References

bugzilla.mozilla.org/show_bug.cgi?id=1669355

www.mozilla.org/security/advisories/mfsa2020-50/

www.mozilla.org/security/advisories/mfsa2020-51/

www.mozilla.org/security/advisories/mfsa2020-52/

redhatcve 1

cve 1

ubuntucve 1

alpinelinux 1

debiancve 1

cvelist 1

veracode 1

nvd 1

debian 4

nessus 57

redhat 12

osv 6

openvas 22

oraclelinux 6

centos 2

mageia 2

gentoo 2

suse 5

kaspersky 3

ibm 1

mozilla 3

altlinux 2

ubuntu 3

amazon 1

archlinux 1

rosalinux 1

redhatcve

CVE-2020-26958

2020-11-18 01:09:11

cve

CVE-2020-26958

2020-12-09 01:15:13

ubuntucve

CVE-2020-26958

2020-11-17 00:00:00

alpinelinux

CVE-2020-26958

2020-12-09 01:15:13

debiancve

CVE-2020-26958

2020-12-09 01:15:13

cvelist

CVE-2020-26958

2020-12-09 00:22:19

veracode

Content Security Bypass

2020-11-20 09:43:17

nvd

CVE-2020-26958

2020-12-09 01:15:13

debian

[SECURITY] [DSA 4793-1] firefox-esr security update

2020-11-18 18:44:22

[SECURITY] [DLA 2464-1] thunderbird security update

2020-11-23 09:55:28

[SECURITY] [DSA 4796-1] thunderbird security update

2020-11-21 18:32:57

nessus

Debian DSA-4796-1 : thunderbird - security update

2020-11-23 00:00:00

RHEL 8 : firefox (RHSA-2020:5234)

2020-11-30 00:00:00

RHEL 8 : thunderbird (RHSA-2020:5232)

2020-11-30 00:00:00

redhat

(RHSA-2020:5235) Important: thunderbird security update

2020-11-30 08:15:59

(RHSA-2020:5238) Important: thunderbird security update

2020-11-30 08:19:49

(RHSA-2020:5232) Important: thunderbird security update

2020-11-30 08:15:49

osv

thunderbird - security update

2020-11-21 00:00:00

thunderbird - security update

2020-11-23 00:00:00

firefox-esr - security update

2020-11-19 00:00:00

openvas

Debian: Security Advisory (DLA-2464-1)

2020-11-24 00:00:00

Debian: Security Advisory (DSA-4796-1)

2020-11-23 00:00:00

CentOS: Security Advisory for firefox (CESA-2020:5239)

2020-12-10 00:00:00

oraclelinux

thunderbird security update

2020-12-01 00:00:00

thunderbird security update

2020-12-01 00:00:00

firefox security update

2020-12-01 00:00:00

centos

thunderbird security update

2020-12-09 20:24:41

firefox security update

2020-12-09 20:21:57

mageia

Updated firefox and nss packages fix security vulnerabilities

2020-11-19 11:52:41

Updated thunderbird packages fix security vulnerabilities

2020-11-21 15:21:00

gentoo

Mozilla Firefox: Multiple vulnerabilities

2020-12-07 00:00:00

Mozilla Thunderbird: Multiple vulnerabilities

2020-12-07 00:00:00

suse

Security update for MozillaThunderbird (important)

2020-11-28 00:00:00

Security update for MozillaFirefox (important)

2020-11-26 00:00:00

Security update for MozillaFirefox (important)

2020-11-26 00:00:00

kaspersky

KLA12012 Multiple vulnerabilities in Mozilla Thunderbird

2020-11-17 00:00:00

KLA12011 Multiple vulnerabilities in Mozilla Firefox ESR

2020-11-17 00:00:00

KLA12010 Multiple vulnerabilities in Mozilla Firefox

2020-11-17 00:00:00

ibm

Security Bulletin: Multiple vulnerabilities of Mozilla Firefox (less than Firefox 78.5 ESR + CVE-2020-26951) have affected Synthetic Playback Agent 8.1.4.0-8.1.4 IF11 + ICAM2019.3.0 - 2020.2.0

2021-02-25 07:21:06

mozilla

Security Vulnerabilities fixed in Thunderbird 78.5 — Mozilla

2020-11-17 00:00:00

Security Vulnerabilities fixed in Firefox ESR 78.5 — Mozilla

2020-11-17 00:00:00

Security Vulnerabilities fixed in Firefox 83 — Mozilla

2020-11-17 00:00:00

altlinux

Security fix for the ALT Linux 10 package thunderbird version 78.5.0-alt1

2020-11-19 00:00:00

Security fix for the ALT Linux 10 package firefox-esr version 78.5.0-alt1

2020-11-16 00:00:00

ubuntu

Thunderbird vulnerabilities

2020-11-25 00:00:00

Firefox vulnerabilities

2020-11-18 00:00:00

Firefox vulnerabilities

2020-11-19 00:00:00

amazon

Important: thunderbird

2021-01-05 23:35:00

archlinux

[ASA-202011-12] firefox: multiple issues

2020-11-17 00:00:00

rosalinux

Advisory ROSA-SA-2021-1835

2021-07-02 16:43:38

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.8%

JSON

Related for PRION:CVE-2020-26958