CVE-2020-12412: Medium severity Firefox vulnerability
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents.
Frequently Asked Questions
What is CVE-2020-12412?
CVE-2020-12412 is a vulnerability in Mozilla Firefox that allows an attacker to manipulate the address bar to display an incorrect domain.
How does CVE-2020-12412 work?
CVE-2020-12412 works by using the history API to navigate a tab and control the page contents, causing the address bar to display the incorrect domain.
What is the severity of CVE-2020-12412?
CVE-2020-12412 has a severity level of medium.
Which version of Mozilla Firefox is affected by CVE-2020-12412?
Mozilla Firefox versions up to, but not including, 70 are affected by CVE-2020-12412.
How can I fix CVE-2020-12412?
To fix CVE-2020-12412, update Mozilla Firefox to a version higher than 70.