PT-2020-6747 · Mozilla+6 · Firefox For Android+9
Kaizer Soze
·
Published
2020-08-25
·
Updated
2024-12-12
·
CVE-2020-15664
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 80
Thunderbird versions prior to 78.2
Thunderbird versions prior to 68.12
Firefox ESR versions prior to 78.2
Firefox ESR versions prior to 68.12
Firefox for Android versions prior to 80
Description
A malicious webpage could gain access to the InstallTrigger object by holding a reference to the
eval() function from an about:blank window. This could allow them to prompt the user to install an extension, potentially resulting in an unintended or malicious extension being installed due to user confusion.Recommendations
For Firefox versions prior to 80, update to version 80 or later.
For Thunderbird versions prior to 78.2, update to version 78.2 or later.
For Thunderbird versions prior to 68.12, update to version 68.12 or later.
For Firefox ESR versions prior to 78.2, update to version 78.2 or later.
For Firefox ESR versions prior to 68.12, update to version 68.12 or later.
For Firefox for Android versions prior to 80, update to version 80 or later.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Centos
Firefox
Firefox Esr
Firefox For Android
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu