Home > Vulnerability Database > CVE-2020-26954

Mend.io Vulnerability Database

CVE-2020-26954

Date: December 8, 2020

When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.

Severity Score

4.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-26954

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1657026

Url: https://www.mozilla.org/security/advisories/mfsa2020-50/

Url: https://security.alpinelinux.org/vuln/CVE-2020-26954

Url: https://www.mend.io/vulnerability-database/CVE-2020-26954

Severity Score

4.3

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-26954

Date: December 8, 2020

Severity Score

Related Resources (5)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?