PT-2020-16569 · Mozilla+1 · Firefox For Android+1

Muneaki Nishimura · Published 2020-11-21 · Updated 2024-12-12 · CVE-2020-26954

CVSS v3.1

4.3 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Firefox for Android versions prior to 83

Description

Firefox for Android accepted malicious intents from other installed apps, which allowed manifests to be loaded from arbitrary file paths and webapp manifests to be declared for other origins. This could lead to gaining fullscreen access for UI spoofing and to cross-origin attacks on targeted websites.

Recommendations

For Firefox for Android versions prior to 83, update to version 83 or later to resolve the issue. As a temporary workaround, consider restricting access to webapp manifests to minimize the risk of exploitation.

Fix


Related Identifiers

ALT-PU-2020-3384
ALT-PU-2021-3368
CVE-2020-26954
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1

Affected Products

Alt Linux
Firefox For Android