CVE-2020-6810
Description
After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.262
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities fixed in Mozilla Firefox (74.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox (x64) (74.0) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (74.0) | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 73.0.1 | Mac |
| Mozilla Open Source web browser (USN-4299-1) firefox_74.0+build3-0ubuntu0.16.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-4299-1) firefox_74.0+build3-0ubuntu0.16.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-4299-1) firefox_74.0+build3-0ubuntu0.18.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-4299-1) firefox_74.0+build3-0ubuntu0.18.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-4299-1) firefox_74.0+build3-0ubuntu0.19.10.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-4299-1) firefox_74.0+build3-0ubuntu0.19.10.1_amd64.deb | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-313279 | Mozilla Firefox (74.0) |
| PATCH-313280 | Mozilla Firefox (x64) (74.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234