PT-2020-14575 · Mozilla+3 · Firefox For Android+4

Gunes Acar

Published

2020-08-25

Updated

2024-12-12

CVE-2020-15666

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 80 Firefox for Android versions prior to 80

Description The issue allows for information leakage via the MediaError message when attempting to load non-video content in an audio/video context, disclosing the exact status code. This inconsistency with standardized onerror/onsuccess disclosure can lead to attacks such as inferring login status to services or device discovery on a local network.

Recommendations For Firefox versions prior to 80, update to version 80 or later to resolve the issue. For Firefox for Android versions prior to 80, update to version 80 or later to resolve the issue.

Exploit

Fix

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

ALT-PU-2020-2706

ALT-PU-2020-3442

ALT-PU-2021-3368

CVE-2020-15666

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-4474-1

USN-4474-2

Affected Products

Alt Linux

Firefox

Firefox For Android

Linuxmint

Ubuntu

PT-2020-14575 · Mozilla+3 · Firefox For Android+4

CVE-2020-15666

Weakness Enumeration

Related Identifiers

Affected Products

References · 1893