CVE-2020-15682: Medium severity firefox vulnerability

Q: What is the vulnerability ID?

The vulnerability ID is CVE-2020-15682.

Q: What is the severity of CVE-2020-15682?

The severity of CVE-2020-15682 is low.

Q: How does CVE-2020-15682 work?

When a link to an external protocol is clicked, a prompt is presented that allows the user to choose what application to open it in. An attacker can induce that prompt to be associated with an origin they don't control, resulting in a spoofing attack.

Q: Which software is affected by CVE-2020-15682?

Mozilla Firefox versions up to exclusive 82 are affected by CVE-2020-15682.

Q: How was CVE-2020-15682 fixed?

CVE-2020-15682 was fixed by changing external protocol handling in Mozilla Firefox.

Published Oct 20, 2020

Updated

When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin.

Affected Software

2 affected componentsFixes available

Mozilla Firefox<82

Mozilla Firefox<82.0

Event History

Oct 20, 2020

CVE Published

12:00 AM

Oct 22, 2020

CVE Published

via MITRE·08:32 PM

Data Sourced

via MITRE·08:32 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

MFSA2020-45

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the vulnerability ID?

The vulnerability ID is CVE-2020-15682.

What is the severity of CVE-2020-15682?

The severity of CVE-2020-15682 is low.

How does CVE-2020-15682 work?