ByteOS Network

NVD Vulnerability Details :

CVE-2020-26962

Analyzed

Source-security@mozilla.org

Published At-09 Dec, 2020 | 01:15

Updated At-10 Dec, 2020 | 17:36

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.1	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

Mozilla Corporation

>>firefox>>Versions before 83.0(exclusive)

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-1021	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=610997	security@mozilla.org	Issue Tracking Permissions Required Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-50/	security@mozilla.org	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History