1. Home
  2. Vulnerabilities
  3. CVE-2020-6808

CVE-2020-6808

CVSS v3.1 6.5 (Medium)
65% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.08 % (36th)
0.08% Progress
Affected Products 1
Advisories 4
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document. This vulnerability affects Firefox < 74.

Weaknesses
CWE-290
Authentication Bypass by Spoofing
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2020-03-25 22:15:12
(4 years ago)
Updated Date
2020-03-27 14:40:48
(4 years ago)

Affected Products

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 74.0 version cpe:2.3:a:mozilla:firefox < 74.0