PT-2020-13099 · Mozilla+3 · Firefox+3

Kestrel

Published

2020-05-05

Updated

2024-12-12

CVE-2020-12394

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 76

Description A logic flaw in the location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element.

Recommendations For versions prior to 76, update to version 76 or later to resolve the issue. As a temporary workaround, consider restricting access to the location bar implementation until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2020-1943

ALT-PU-2020-2408

ALT-PU-2020-2933

ALT-PU-2020-3442

ALT-PU-2021-1368

ALT-PU-2021-3368

CVE-2020-12394

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-4353-1

USN-4353-2

Affected Products

Alt Linux

Firefox

Linuxmint

Ubuntu

PT-2020-13099 · Mozilla+3 · Firefox+3

CVE-2020-12394

Related Identifiers

Affected Products

References · 1896