CVE-2020-26967

MEDIUM | CVSS 6.5/10 | EPSS 0.84%

CVE-2020-26967 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. EPSS estimates a 0.84% chance of exploitation in the next 30 days.

Description

When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83.

Metrics

CVSS 3.1
6.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

EPSS Probability
0.84%

53.3th percentile

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
Mozilla | Firefox | < 83.0

References

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2020-26967?
When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83.
How severe is CVE-2020-26967?
CVE-2020-26967 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.84% probability of exploitation in the next 30 days.
How do I fix CVE-2020-26967?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST