CVE-2020-15649: Malicious File Upload

Q: What is the severity of CVE-2020-15649?

The severity of CVE-2020-15649 is medium.

Q: What is the affected software of CVE-2020-15649?

The affected software of CVE-2020-15649 is Mozilla Firefox ESR version 68.11.

Q: What is the impact of CVE-2020-15649?

The impact of CVE-2020-15649 is that an attacker can steal and upload local files of their choosing.

Q: How can I fix CVE-2020-15649?

To fix CVE-2020-15649, update Mozilla Firefox to version 68.11 or newer.

Q: Where can I find more information about CVE-2020-15649?

You can find more information about CVE-2020-15649 on the Mozilla website and Bugzilla.

Published Jul 28, 2020

Updated

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.

Other sources

Affected Software

3 affected componentsFixes available

Mozilla Firefox ESR<68.11

68.11

Mozilla Firefox ESR<68.11

Google Android

Event History

Jul 28, 2020

CVE Published

12:00 AM

Aug 10, 2020

CVE Published

via MITRE·05:43 PM

Data Sourced

via MITRE·05:43 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

MFSA2020-31

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2020-15649?

The severity of CVE-2020-15649 is medium.

What is the affected software of CVE-2020-15649?

The affected software of CVE-2020-15649 is Mozilla Firefox ESR version 68.11.

What is the impact of CVE-2020-15649?