4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
36.1%
A unicode RTL order character in the downloaded file name can be used to
change the file’s name during the download UI flow to change the file
extension. This vulnerability affects Firefox for iOS < 28.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | iOS specific issue |
bugzilla.mozilla.org/show_bug.cgi?id=1649160
launchpad.net/bugs/cve/CVE-2020-15651
nvd.nist.gov/vuln/detail/CVE-2020-15651
security-tracker.debian.org/tracker/CVE-2020-15651
www.cve.org/CVERecord?id=CVE-2020-15651
www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15651
www.mozilla.org/security/advisories/mfsa2020-34/
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
36.1%