CVE-2020-6810 Information

Description

After a website had entered fullscreen mode it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox 74.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1432856 https://www.mozilla.org/security/advisories/mfsa2020-08/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.3