CVE Vulnerabilities

CVE-2020-26975

Published: Jan 07, 2021 | Modified: Jan 12, 2021
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

When a malicious application installed on the users device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 84.

Affected Software

Name Vendor Start Version End Version
Firefox Mozilla * 84.0 (excluding)
Firefox Ubuntu trusty *
Firefox Ubuntu upstream *

References