PT-2020-6597 · Mozilla+4 · Firefox+6

Rob Wu

·

Published

2020-07-28

·

Updated

2024-12-12

·

CVE-2020-15655

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 78.1 Firefox versions prior to 79 Thunderbird versions prior to 78.1
Description The issue is related to a CORS bypass in the implementation of the CORS mechanism in the affected software, potentially leading to the disclosure of cross-origin information. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is associated with the inclusion of features from an untrusted controlled area.
Recommendations For Firefox ESR versions prior to 78.1, update to version 78.1 or later. For Firefox versions prior to 79, update to version 79 or later. For Thunderbird versions prior to 78.1, update to version 78.1 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-829

Related Identifiers

ALT-PU-2020-2466
ALT-PU-2020-2598
ALT-PU-2020-2709
ALT-PU-2020-2933
ALT-PU-2020-2934
ALT-PU-2020-3442
ALT-PU-2021-1368
ALT-PU-2021-1369
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
BDU:2022-00350
CVE-2020-15655
OPENSUSE-SU-2020:1147-1
OPENSUSE-SU-2020:1155-1
OPENSUSE-SU-2020:1189-1
OPENSUSE-SU-2020_1147-1
OPENSUSE-SU-2020_1155-1
OPENSUSE-SU-2020_1189-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
SUSE-SU-2020:14456-1
SUSE-SU-2020:2100-1
SUSE-SU-2020:2118-1
SUSE-SU-2020:2147-1
USN-4443-1

Affected Products

Alt Linux
Firefox
Firefox Esr
Linuxmint
Suse
Thunderbird
Ubuntu