Input validation error - CVE-2020-15650

 

Input validation error - CVE-2020-15650

Published: August 10, 2020 / Updated: August 13, 2020


Vulnerability identifier: #VU45688
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-15650
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.


How to mitigate CVE-2020-15650

Install update from vendor's website.

Sources