CVE-2020-26962

CVSS v3.1 6.1 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.08 % (37^th)

Affected Products 1

Advisories 5

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.

Weaknesses

CWE-1021: Improper Restriction of Rendered UI Layers or Frames

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2020-12-09 01:15:13
(3 years ago)
Updated Date: 2020-12-10 17:36:12
(3 years ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox prior 83.0 version	cpe:2.3:a:mozilla:firefox		< 83.0