| Vulnerability Name: | CVE-2020-26975 (CCN-193223) | ||||||||||||
| Assigned: | 2020-12-15 | ||||||||||||
| Published: | 2020-12-15 | ||||||||||||
| Updated: | 2021-01-12 | ||||||||||||
| Summary: | When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 84. | ||||||||||||
| CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2020-26975 Source: MISC Type: Permissions Required https://bugzilla.mozilla.org/show_bug.cgi?id=1661071 Source: XF Type: UNKNOWN firefox-cve202026975-session-hijacking(193223) Source: CCN Type: IBM Security Bulletin 6454029 (Cloud Pak for Multicloud Management) Multiple vulnerabilities in Mozilla Firefox affect IBM Cloud Pak for Multicloud Management Monitoring Source: CCN Type: Mozilla Foundation Security Advisory 2020-54 Security Vulnerabilities fixed in Firefox 84 Source: MISC Type: Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2020-54/ | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||