CVE-2020-15647
Published: 10 August 2020
A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android.
Notes
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
mdeslaur | specific to Android |
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.4 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Changed |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N |