Ubuntu.comUB:CVE-2020-15682CVE-2020-15682
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
34.3%
When a link to an external protocol was clicked, a prompt was presented
that allowed the user to choose what application to open it in. An attacker
could induce that prompt to be associated with an origin they didn’t
control, resulting in a spoofing attack. This was fixed by changing
external protocol prompts to be tab-modal while also ensuring they could
not be incorrectly associated with a different origin. This vulnerability
affects Firefox < 82.
Notes
| Author | Note |
|---|---|
| tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | firefox | < 82.0+build2-0ubuntu0.18.04.1 | UNKNOWN |
| ubuntu | 20.04 | noarch | firefox | < 82.0+build2-0ubuntu0.20.04.1 | UNKNOWN |
| ubuntu | 20.10 | noarch | firefox | < 82.0+build2-0ubuntu0.20.10.1 | UNKNOWN |
| ubuntu | 21.04 | noarch | firefox | < 82.0.2+build1-0ubuntu1 | UNKNOWN |
| ubuntu | 21.10 | noarch | firefox | < 82.0.2+build1-0ubuntu1 | UNKNOWN |
| ubuntu | 22.04 | noarch | firefox | < 82.0.2+build1-0ubuntu1 | UNKNOWN |
| ubuntu | 22.10 | noarch | firefox | < 82.0.2+build1-0ubuntu1 | UNKNOWN |
| ubuntu | 23.04 | noarch | firefox | < 82.0.2+build1-0ubuntu1 | UNKNOWN |
| ubuntu | 23.10 | noarch | firefox | < 82.0.2+build1-0ubuntu1 | UNKNOWN |
| ubuntu | 24.04 | noarch | firefox | < 82.0.2+build1-0ubuntu1 | UNKNOWN |
References
launchpad.net/bugs/cve/CVE-2020-15682
nvd.nist.gov/vuln/detail/CVE-2020-15682
security-tracker.debian.org/tracker/CVE-2020-15682
ubuntu.com/security/notices/USN-4599-1
ubuntu.com/security/notices/USN-4599-2
www.cve.org/CVERecord?id=CVE-2020-15682
www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15682
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
34.3%