CVE-2020-6823
CVSS v3.1
9.8 (Critical)
CVSS v2.0
7.5 (High)
EPSS
0.24 % (65th)
Affected Products
1
Advisories
5
A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox < 75.
Weaknesses
- CWE-862
- Missing Authorization
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2020-04-24 16:15:13
(4 years ago) - Updated Date
-
2021-07-21 11:39:23
(3 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...