PT-2020-16581 · Mozilla+3 · Firefox+3

Kaizer Soze

·

Published

2020-11-17

·

Updated

2024-12-12

·

CVE-2020-26967

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 83
Description A malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page when listening for page changes with a Mutation Observer. This would lead to internal errors and unexpected behavior in the Screenshots code.
Recommendations For versions prior to 83, update to version 83 or later to resolve the issue. As a temporary workaround, consider disabling the use of Mutation Observers in Firefox Screenshots until a patch is available. Restrict access to sensitive elements to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Related Identifiers

ALT-PU-2020-3384
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
CVE-2020-26967
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
USN-4637-1
USN-4637-2

Affected Products

Alt Linux
Firefox
Linuxmint
Ubuntu