CVE-2020-6808

Priority
Description
When a JavaScript URL (javascript:) is evaluated and the result is a
string, this string is parsed to create an HTML document, which is then
presented. Previously, this document's URL (as reported by the
document.location property, for example) was the originating javascript:
URL which could lead to spoofing attacks; it is now correctly the URL of
the originating document. This vulnerability affects Firefox < 74.
Assigned-to
chrisccoulson
Notes
tyhicksmozjs contains a copy of the SpiderMonkey JavaScript engine
Package
Upstream:released (74.0)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (74.0+build3-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (74.0+build3-0ubuntu0.18.04.1)
Ubuntu 19.10 (Eoan Ermine):released (74.0+build3-0ubuntu0.19.10.1)
Ubuntu 20.04 (Focal Fossa):released (74.0+build3-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 (Focal Fossa):needs-triage
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):needs-triage
Ubuntu 20.04 (Focal Fossa):DNE
Package
Priority: Low
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.10 (Eoan Ermine):needed
Ubuntu 20.04 (Focal Fossa):needed
More Information

Updated: 2020-04-03 02:17:55 UTC (commit f9d8872444248ae96d2bbabd45c4d5a3cc33aa96)