CVE-2020-26975
Description
When a malicious application installed on the users device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.379
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities fixed in Mozilla Firefox (84.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox (x64) (84.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (84.0) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (84.0.1) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (84.0.2) | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 83.0 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-317521 | Mozilla Firefox (84.0) |
| PATCH-317522 | Mozilla Firefox (x64) (84.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234