Improper Interaction Between Multiple Correctly-Behaving Entities in Mozilla Firefox - CVE-2020-26962

 


Published: November 17, 2020


Vulnerability identifier: #VU48467
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-26962
CWE-ID: CWE-435
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in the way login autofill is performed for cross-origin iframes. Cross-origin iframes that contained a login form could have been recognized by the login autofill service and populated. This could have been used in clickjacking attacks, as well as being read across partitions in dynamic first party isolation.
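
The condition described above can be written as a frame-ancestry check that a credential filler applies before populating a form. This is an added example, not Firefox code and not part of the original advisory; the function names, the ancestor-chain representation and the `.example` URLs are assumptions constructed for illustration.

```javascript
// Illustrative autofill eligibility policy (assumed design, not Firefox source).
// A form's location is given as the document URLs of its frame chain,
// top-level page first, the frame holding the login form last.

// Reduce a URL to its origin. Opaque origins (data:, about:blank, anything
// unparsable) are returned as null and never match a saved login.
function originOf(url) {
  try {
    const origin = new URL(url).origin;
    return origin === "null" ? null : origin;
  } catch {
    return null;
  }
}

// Allow autofill only when every document in the chain has the origin the
// saved login belongs to. A cross-origin document anywhere in the chain,
// including a same-origin form nested under a cross-origin parent, is refused.
function mayAutofill(chain, savedLoginOrigin) {
  if (!Array.isArray(chain) || chain.length === 0) return false;
  const expected = originOf(savedLoginOrigin);
  if (expected === null) return false;
  return chain.every((url) => originOf(url) === expected);
}

// Constructed sample cases; all hosts are placeholders.
const SAVED = "https://bank.example";
const CASES = {
  topLevelForm: ["https://bank.example/login"],
  sameOriginFrame: ["https://bank.example/", "https://bank.example/widget/login"],
  defaultPort: ["https://bank.example:443/login"],
  // The situation in the advisory: login form in a cross-origin iframe.
  crossOriginEmbedder: ["https://other.example/", "https://bank.example/login"],
  nestedUnderThirdParty: [
    "https://bank.example/",
    "https://ads.example/frame",
    "https://bank.example/login",
  ],
  schemeDowngrade: ["http://bank.example/login"],
  opaqueFrame: ["https://bank.example/", "data:text/html,<form></form>"],
};

function evaluateCases() {
  const result = {};
  for (const [name, chain] of Object.entries(CASES)) {
    result[name] = mayAutofill(chain, SAVED);
  }
  return result;
}
```
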


How to mitigate CVE-2020-26962

Install updates from vendor's website.
