PT-2020-16590 · Mozilla+3 · Firefox+3

David Schütz

Published

2020-12-15

Updated

2024-12-12

CVE-2020-26979

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 84

Description A issue exists where a website could capture the event of a user typing a URL in the address bar or search bar and quickly hitting the enter key, allowing the website to redirect the user before navigation occurred to the desired address. To construct a convincing spoof, the attacker would have had to guess what the user was typing, perhaps by suggesting it.

Recommendations For versions prior to 84, update to version 84 or later to resolve the issue.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-601

Related Identifiers

ALT-PU-2020-3529

ALT-PU-2021-2725

ALT-PU-2021-2881

ALT-PU-2021-3368

ALT-PU-2021-3369

ALT-PU-2022-1781

ALT-PU-2022-1782

CVE-2020-26979

OESA-2023-1673

OESA-2023-1674

OESA-2024-2320

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-4671-1

Affected Products

Alt Linux

Firefox

Linuxmint

Ubuntu

PT-2020-16590 · Mozilla+3 · Firefox+3

CVE-2020-26979

Weakness Enumeration

Related Identifiers

Affected Products

References · 2188