PT-2020-19238 · Mozilla+2 · Firefox+2

Avi Drissman

Published

2020-03-10

Updated

2024-12-12

CVE-2020-6810

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 74

Description A issue exists where a website in fullscreen mode can use a previously opened popup to obscure the notification indicating the browser is in fullscreen mode. When combined with spoofing the browser chrome, this can confuse the user about the current origin of the page, potentially leading to credential theft or other attacks.

Recommendations For Firefox versions prior to 74, update to version 74 or later to resolve the issue.

Exploit

Fix

Authentication Bypass by Spoofing

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-290

Related Identifiers

ALT-PU-2020-1486

ALT-PU-2020-2408

ALT-PU-2020-2933

ALT-PU-2020-3442

ALT-PU-2021-1368

ALT-PU-2021-3368

CVE-2020-6810

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-4299-1

Affected Products

Alt Linux

Firefox

Ubuntu

PT-2020-19238 · Mozilla+2 · Firefox+2

CVE-2020-6810

Weakness Enumeration

Related Identifiers

Affected Products

References · 1895