PT-2020-6729 · Mozilla+3 · Firefox+3

Rotem Kerner

Published

2020-10-20

Updated

2024-12-12

CVE-2020-15680

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 82

Description The issue allows an attacker to probe whether an external protocol handler is registered by distinguishing the broken image size of a valid external protocol handler from a non-existent one in an image tag. This can lead to unauthorized access to protected information using a specially crafted image tag.

Recommendations For Firefox versions prior to 82, update to version 82 or later to resolve the issue. As a temporary workaround, consider restricting the use of external protocol handlers until a patch is applied. Avoid using specially crafted image tags that could exploit this issue until the update is installed.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2020-3120

ALT-PU-2021-1152

ALT-PU-2021-2725

ALT-PU-2021-2881

ALT-PU-2021-3368

ALT-PU-2021-3369

ALT-PU-2022-1781

BDU:2022-05805

CVE-2020-15680

OESA-2023-1673

OESA-2023-1674

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-4599-1

USN-4599-2

USN-4599-3

Affected Products

Alt Linux

Firefox

Linuxmint

Ubuntu

PT-2020-6729 · Mozilla+3 · Firefox+3

CVE-2020-15680

Weakness Enumeration

Related Identifiers

Affected Products

References · 2193