CVE: CVE-2020-15677

Descrizione: By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

Vettore di attacco

Riferimenti esterni

• https://www.mozilla.org/security/advisories/mfsa2020-43/
• https://www.mozilla.org/security/advisories/mfsa2020-44/
• https://www.mozilla.org/security/advisories/mfsa2020-42/
• https://bugzilla.mozilla.org/show_bug.cgi?id=1641487
• https://www.debian.org/security/2020/dsa-4770
• https://lists.debian.org/debian-lts-announce/2020/10/msg00020.html
• https://security.gentoo.org/glsa/202010-02
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html
• http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html

Prodotti interessati

• Mozilla – Firefox
• Mozilla – Thunderbird
• Mozilla – Firefox ESR

Relazioni con altri prodotti

Produttore:Mozilla
Prodotto: Firefox
Anno: 2020
CWE:
CVSS: 0.0

Produttore:Mozilla
Prodotto: Thunderbird
Anno: 2020
CWE:
CVSS: 0.0

Produttore:Mozilla
Prodotto: Firefox ESR
Anno: 2020
CWE:
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2020)