PT-2020-6725 · Mozilla+3 · Firefox+3

Luan Herrera

Published

2020-08-25

Updated

2024-12-12

CVE-2020-15665

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 80

Description The issue is related to errors in the representation of information by the user interface. It may allow a remote attacker to conduct spoofing attacks. Specifically, Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page, potentially resulting in an incorrect URL being displayed when combined with other unexpected browser behaviors.

Recommendations For versions prior to 80, update to version 80 or later to resolve the issue. As a temporary workaround, consider avoiding situations that trigger the beforeunload dialog to minimize the risk of exploitation.

Exploit

Fix

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-451

Related Identifiers

ALT-PU-2020-2706

ALT-PU-2020-3442

ALT-PU-2021-2725

ALT-PU-2021-2881

ALT-PU-2021-3368

ALT-PU-2021-3369

ALT-PU-2022-1781

BDU:2022-05801

CVE-2020-15665

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-4474-1

USN-4474-2

Affected Products

Alt Linux

Firefox

Linuxmint

Ubuntu

PT-2020-6725 · Mozilla+3 · Firefox+3

CVE-2020-15665

Weakness Enumeration

Related Identifiers

Affected Products

References · 1898