CVE-2020-15655

CVSS v3.1 6.5 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.23 % (61^th)

Affected Products 5

Advisories 11

A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2020-08-10 18:15:12
(4 years ago)
Updated Date: 2022-05-03 13:00:43
(2 years ago)

Affected Products

Canonical

Ubuntu Linux

Mozilla

Opensuse

Leap

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 79.0 version	cpe:2.3:a:mozilla:firefox	< 79.0
Mozilla Firefox Esr prior 78.1 version	cpe:2.3:a:mozilla:firefox_esr	< 78.1
Mozilla Thunderbird prior 78.1 version	cpe:2.3:a:mozilla:thunderbird	< 78.1

Configuration #2

		CPE23	From	Up To
	Opensuse Leap 15.2	cpe:2.3:o:opensuse:leap:15.2

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04:::*:lts