CVE-2020-15652 Information

Feb 14, 2021 cve

Description

By observing the stack trace for JavaScript errors in web workers it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox 79 Firefox ESR 68.11 Firefox ESR 78.1 Thunderbird 68.11 and Thunderbird 78.1.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Reference

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html https://bugzilla.mozilla.org/show_bug.cgi?id=1634872 https://usn.ubuntu.com/4443-1/ https://www.mozilla.org/security/advisories/mfsa2020-30/ https://www.mozilla.org/security/advisories/mfsa2020-31/ https://www.mozilla.org/security/advisories/mfsa2020-32/ https://www.mozilla.org/security/advisories/mfsa2020-33/ https://www.mozilla.org/security/advisories/mfsa2020-35/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5

Share on: