CVE-2020-26954
CVE-2020-26954
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
09 Dec 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.
Affected products
Mozilla · FirefoxWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →