Firefox Esr
CVE-2020-15650
MEDIUM
Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.
AnalysisAI
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11. Affected products include: Mozilla Firefox Esr.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Firefox Esr
View allIn certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable
A sandbox escape vulnerability exists in Firefox's XPCOM component due to incorrect boundary conditions and integer over
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bug
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozi
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scri
The Mozilla Fuzzing Team reported potential vulnerabilities present in Thunderbird 91.10. Rated high severity (CVSS 8.8)
If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent pr
An attacker could have caused a use-after-free by forcing a text reflow in an SVG object leading to a potentially exploi
If a user was convinced to drag and drop an image to their desktop or other folder, the resulting object could have been
Certain network request objects were freed too early when releasing a network request handle. Rated high severity (CVSS
Applying a CSS filter effect could have accessed out of bounds memory. Rated high severity (CVSS 8.8), this vulnerabilit
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today