Main Vulnerability Database Vulnerabilities #VU45686

Arbitrary file upload - CVE-2020-15649

Published: August 10, 2020 / Updated: August 13, 2020

Vulnerability identifier: #VU45686

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-15649

CWE-ID: CWE-434

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:

Software vendor:

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.

Remediation

Install update from vendor's website.

External links

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1475835%2C1652364
https://www.mozilla.org/security/advisories/mfsa2020-31/

Arbitrary file upload - CVE-2020-15649

Description

Remediation

External links

Please verify you're human