PT-2020-17257 · Mozilla+6 · Firefox+8
Yassine Tioual
·
Published
2020-12-15
·
Updated
2024-12-12
·
CVE-2020-35111
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 84
Thunderbird versions prior to 78.6
Firefox ESR versions prior to 78.6
Description
The issue arises when an extension with the proxy permission is registered to receive
all urls. In such cases, the proxy.onRequest callback is not triggered for view-source URLs. Although web content cannot navigate to these URLs, a user who opens View Source could inadvertently leak their IP address.Recommendations
For Firefox versions prior to 84, update to version 84 or later.
For Thunderbird versions prior to 78.6, update to version 78.6 or later.
For Firefox ESR versions prior to 78.6, update to version 78.6 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu