PT-2020-19250 · Mozilla+2 · Firefox For Android+3

Fatal0

Published

2020-04-09

Updated

2021-07-21

CVE-2020-6828

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Firefox for Android versions prior to 68.7 Firefox ESR versions prior to 68.7

Description A malicious Android application could craft an Intent that would be processed by Firefox for Android, potentially resulting in a file overwrite in the user's profile directory. This could lead to the supply of a user.js file with arbitrary malicious preference values, allowing control of arbitrary preferences. This level of control is generally equivalent to arbitrary code execution.

Recommendations For Firefox for Android versions prior to 68.7, update to version 68.7 or later. For Firefox ESR versions prior to 68.7, update to version 68.7 or later.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALT-PU-2020-1692

ALT-PU-2020-1699

CVE-2020-6828

OPENSUSE-SU-2020:0493-1

OPENSUSE-SU-2020_0493-1

SUSE-SU-2020:0971-1

SUSE-SU-2020:0978-1

SUSE-SU-2020:14339-1

Affected Products

Alt Linux

Firefox Esr

Firefox For Android

Suse

PT-2020-19250 · Mozilla+2 · Firefox For Android+3

CVE-2020-6828

Weakness Enumeration

Related Identifiers

Affected Products

References · 18