Main Vulnerability Database Vulnerabilities #VU49017

Permissions, Privileges, and Access Controls in Firefox for Android - CVE-2020-26975

Published: December 15, 2020

Vulnerability identifier: #VU49017

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-26975

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Firefox for Android

Software vendor:
Mozilla

Description

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to application does not properly impose security restrictions. When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/

Permissions, Privileges, and Access Controls in Firefox for Android - CVE-2020-26975

Description

Remediation

External links

Please verify you're human