Ubuntu.comUB:CVE-2020-26967CVE-2020-26967
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
34.3%
When listening for page changes with a Mutation Observer, a malicious web
page could confuse Firefox Screenshots into interacting with elements other
than those that it injected into the page. This would lead to internal
errors and unexpected behavior in the Screenshots code. This vulnerability
affects Firefox < 83.
Notes
| Author | Note |
|---|---|
| tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | firefox | < 83.0+build2-0ubuntu0.18.04.2 | UNKNOWN |
| ubuntu | 20.04 | noarch | firefox | < 83.0+build2-0ubuntu0.20.04.1 | UNKNOWN |
| ubuntu | 20.10 | noarch | firefox | < 83.0+build2-0ubuntu0.20.10.1 | UNKNOWN |
| ubuntu | 21.04 | noarch | firefox | < 83.0+build2-0ubuntu1 | UNKNOWN |
| ubuntu | 21.10 | noarch | firefox | < 83.0+build2-0ubuntu1 | UNKNOWN |
| ubuntu | 22.04 | noarch | firefox | < 83.0+build2-0ubuntu1 | UNKNOWN |
| ubuntu | 22.10 | noarch | firefox | < 83.0+build2-0ubuntu1 | UNKNOWN |
| ubuntu | 23.04 | noarch | firefox | < 83.0+build2-0ubuntu1 | UNKNOWN |
| ubuntu | 23.10 | noarch | firefox | < 83.0+build2-0ubuntu1 | UNKNOWN |
| ubuntu | 24.04 | noarch | firefox | < 83.0+build2-0ubuntu1 | UNKNOWN |
References
launchpad.net/bugs/cve/CVE-2020-26967
nvd.nist.gov/vuln/detail/CVE-2020-26967
security-tracker.debian.org/tracker/CVE-2020-26967
ubuntu.com/security/notices/USN-4637-1
ubuntu.com/security/notices/USN-4637-2
www.cve.org/CVERecord?id=CVE-2020-26967
www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26967
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
34.3%