By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html | Broken Link Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html | Broken Link Mailing List Third Party Advisory |
https://bugzilla.mozilla.org/show_bug.cgi?id=1641487 | Issue Tracking Permissions Required Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2020/10/msg00020.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202010-02 | Third Party Advisory |
https://www.debian.org/security/2020/dsa-4770 | Third Party Advisory |
https://www.mozilla.org/security/advisories/mfsa2020-42/ | Release Notes Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2020-43/ | Release Notes Vendor Advisory |
https://www.mozilla.org/security/advisories/mfsa2020-44/ | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2020-10-01 19:15
Updated : 2024-02-28 18:08
NVD link : CVE-2020-15677
Mitre link : CVE-2020-15677
CVE.ORG link : CVE-2020-15677
JSON object : View
Products Affected
debian
- debian_linux
opensuse
- leap
mozilla
- firefox_esr
- firefox
- thunderbird
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')