EPSS
Percentile
64.6%
firefox is vulnerable to privilege escalation. A malicious extension is able to call browser.identity.launchWebAuthFlow and control the redirect_uri. Subsequently, the Auth code can be retrieved and access to user’s account is obtained.
browser.identity.launchWebAuthFlow
redirect_uri
bugzilla.mozilla.org/show_bug.cgi?id=1614919
www.mozilla.org/security/advisories/mfsa2020-12/