Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.
References
| Link | Resource |
|---|---|
| https://bugzilla.mozilla.org/show_bug.cgi?id=610997 | Issue Tracking Permissions Required Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2020-50/ | Vendor Advisory |
| https://bugzilla.mozilla.org/show_bug.cgi?id=610997 | Issue Tracking Permissions Required Vendor Advisory |
| https://www.mozilla.org/security/advisories/mfsa2020-50/ | Vendor Advisory |
Configurations
History
21 Nov 2024, 05:20
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://bugzilla.mozilla.org/show_bug.cgi?id=610997 - Issue Tracking, Permissions Required, Vendor Advisory | |
| References | () https://www.mozilla.org/security/advisories/mfsa2020-50/ - Vendor Advisory |
Information
Published : 2020-12-09 01:15
Updated : 2024-11-21 05:20
NVD link : CVE-2020-26962
Mitre link : CVE-2020-26962
CVE.ORG link : CVE-2020-26962
JSON object : View
Products Affected
mozilla
- firefox
CWE
CWE-1021
Improper Restriction of Rendered UI Layers or Frames