CVE-2020-15666: Medium severity firefox vulnerability

Q: What is the vulnerability ID for this vulnerability?

The vulnerability ID is CVE-2020-15666.

Q: What is the severity of CVE-2020-15666?

The severity of CVE-2020-15666 is medium with a CVSS score of 6.5.

Q: Which software products are affected by CVE-2020-15666?

Mozilla Firefox version 80 and Google Android are affected by CVE-2020-15666.

Q: How does CVE-2020-15666 impact users?

CVE-2020-15666 can lead to the disclosure of exact status codes, which can enable attackers to infer login status.

Q: How can I fix CVE-2020-15666?

Update Mozilla Firefox to version 80 or later to fix CVE-2020-15666.

Published Aug 25, 2020

Updated

When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks.

Affected Software

5 affected componentsFixes available

All of the following

Mozilla Firefox=80

Google Android

Mozilla Firefox<80

Mozilla Firefox<80.0

Mozilla Firefox Android<80.0

Event History

Aug 25, 2020

CVE Published

via Mozilla·12:00 AM

Oct 1, 2020

CVE Published

via MITRE·06:42 PM

Data Sourced

via MITRE·06:42 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?

The vulnerability ID is CVE-2020-15666.

What is the severity of CVE-2020-15666?

The severity of CVE-2020-15666 is medium with a CVSS score of 6.5.

Which software products are affected by CVE-2020-15666?