CVE-2020-6823

CVSS v3.1 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 0.24 % (65^th)

Affected Products 1

Advisories 5

A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox < 75.

Weaknesses

CWE-862: Missing Authorization

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2020-04-24 16:15:13
(4 years ago)
Updated Date: 2021-07-21 11:39:23
(3 years ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox prior 75.0 version	cpe:2.3:a:mozilla:firefox		< 75.0