| |
Vulnerability CVE-2020-6808
Published: 2020-03-25 Modified: 2020-03-26
| Description: |
When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document. This vulnerability affects Firefox < 74. |
Type:
CWE-290 (Authentication Bypass by Spoofing)
CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.3/10 |
2.9/10 |
8.6/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
https://bugzilla.mozilla.org/show_bug.cgi?id=1247968
https://www.mozilla.org/security/advisories/mfsa2020-08/
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
