CVE-2020-26967

{"id": "CVE-2020-26967", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-12-09T01:15:13.643", "references": [{"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1665820", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2020-50/", "tags": ["Vendor Advisory"], "source": "security@mozilla.org"}, {"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1665820", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.mozilla.org/security/advisories/mfsa2020-50/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83."}, {"lang": "es", "value": "Cuando se escuchan unos cambios de p\u00e1gina con un Mutation Observer, una p\u00e1gina web maliciosa podr\u00eda confundir unas Screenshots de Firefox para interactuar con elementos distintos a los que inyect\u00f3 en la p\u00e1gina.&#xa0;Esto conllevar\u00eda a errores internos y un comportamiento inesperado en el c\u00f3digo de Screenshots.&#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 83"}], "lastModified": "2024-11-21T05:20:35.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9385C808-43DD-4D02-B1A9-89A2E3986DF2", "versionEndExcluding": "83.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@mozilla.org"}