CVE-2020-6810
Last modified
CVE-2020-6810 is a medium-severity vulnerability rated 4.3/10 on the CVSS scale. After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. EPSS estimates a 0.97% chance of exploitation in the next 30 days.
Description
After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 74.0 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1432856 (Issue Tracking, Vendor Advisory)
- https://www.mozilla.org/security/advisories/mfsa2020-08/ (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
