PT-2020-5970 · Mozilla · Firefox Esr

Andrea Palazzo

Published

2020-07-28

Updated

2020-08-12

CVE-2020-15649

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 68.11

Description The issue is related to a lack of restrictions on file uploads in Firefox ESR for Android, allowing an attacker to steal and upload local files of their choice. This could impact the confidentiality of protected information. The vulnerability can be exploited when a malicious file picker application is installed.

Recommendations For Firefox ESR versions prior to 68.11, update to version 68.11 or later to resolve the issue. As a temporary workaround, consider restricting the use of file picker applications in Firefox for Android until the update is applied.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

BDU:2021-02159

CVE-2020-15649

Affected Products

Firefox Esr

PT-2020-5970 · Mozilla · Firefox Esr

CVE-2020-15649

Weakness Enumeration

Related Identifiers

Affected Products

References · 7