CVE-2020-26975
CVE-2020-26975
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
07 ene 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84.
Productos afectados
Mozilla · Firefox¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →