CVE-2020-26975 Information
Jun 07, 2022
cve
Description
When a malicious application installed on the user’s device broadcast an Intent to Firefox for Android arbitrary headers could have been specified leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 84.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Reference
https://www.mozilla.org/security/advisories/mfsa2020-54/ https://bugzilla.mozilla.org/show_bug.cgi?id=1661071
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
NONE
Base Severity
6.5
Share on: