CVE-2020-6809: High severity Mozilla Firefox vulnerability
Published Mar 10, 2020
·Updated
Last updated 25 August 2025
Other sources
When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files.
Affected Software
3 affected componentsFixes available
Mozilla Firefox<74
74
Mozilla Firefox<74.0
debian/firefox
147.0.4-1
Event History
Mar 10, 2020
CVE Published
12:00 AM
Mar 25, 2020
CVE Published
via MITRE·09:13 PM
Data Sourced
via MITRE·09:13 PM
DescriptionWeakness
Jan 11, 2024
Data Sourced
via Launchpad·11:52 PM
Description
Feb 23, 2026
Data Sourced
via Ubuntu·03:19 PM
RemedyDescriptionSeverityAffected Software
Data Sourced
via Debian·03:20 PM
DescriptionAffected Software
Peer vulnerabilities
Found alongside the following vulnerabilities.
Frequently Asked Questions
1
What is CVE-2020-6809?
CVE-2020-6809 is a vulnerability in Mozilla Firefox that allows Web Extensions with the all-urls permission to read local files.
2
How severe is CVE-2020-6809?
CVE-2020-6809 has a severity value of 4, which is considered medium.
3
Which versions of Mozilla Firefox are affected by CVE-2020-6809?
Mozilla Firefox versions up to and excluding 74 are affected by CVE-2020-6809.
4
How can I fix CVE-2020-6809?
To fix CVE-2020-6809, update Mozilla Firefox to version 74 or higher.
5
Where can I find more information about CVE-2020-6809?
You can find more information about CVE-2020-6809 on the Mozilla Bugzilla website and the Mozilla security advisories page.