CVE-2020-15652MEDIUM
Description
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
References
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1634872
https://usn.ubuntu.com/4443-1/
https://www.mozilla.org/security/advisories/mfsa2020-30/
https://www.mozilla.org/security/advisories/mfsa2020-31/
https://www.mozilla.org/security/advisories/mfsa2020-32/
Details
Source: MITRE
Published: 2020-08-10
Updated: 2020-08-18
Type: CWE-346
Risk Information
CVSS v2.0
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.0
Base Score: 6.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 2.8
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147390 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0007) | Nessus | NewStart CGSL Local Security Checks | high |
| 147331 | NewStart CGSL MAIN 6.02 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0056) | Nessus | NewStart CGSL Local Security Checks | high |
| 147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147292 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0006) | Nessus | NewStart CGSL Local Security Checks | high |
| 147247 | NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0052) | Nessus | NewStart CGSL Local Security Checks | high |
| 145919 | CentOS 8 : firefox (CESA-2020:3241) | Nessus | CentOS Local Security Checks | high |
| 145868 | CentOS 8 : thunderbird (CESA-2020:3341) | Nessus | CentOS Local Security Checks | high |
| 140196 | Amazon Linux 2 : thunderbird (ALAS-2020-1487) | Nessus | Amazon Linux Local Security Checks | high |
| 139648 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1205) | Nessus | SuSE Local Security Checks | high |
| 139562 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1189) | Nessus | SuSE Local Security Checks | high |
| 139558 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1179) | Nessus | SuSE Local Security Checks | high |
| 139475 | Oracle Linux 6 : thunderbird (ELSA-2020-3345) | Nessus | Oracle Linux Local Security Checks | medium |
| 139474 | Oracle Linux 7 : thunderbird (ELSA-2020-3344) | Nessus | Oracle Linux Local Security Checks | medium |
| 139473 | Oracle Linux 8 : thunderbird (ELSA-2020-3341) | Nessus | Oracle Linux Local Security Checks | medium |
| 139444 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1155) | Nessus | SuSE Local Security Checks | high |
| 139421 | CentOS 6 : thunderbird (CESA-2020:3345) | Nessus | CentOS Local Security Checks | high |
| 139420 | CentOS 7 : firefox (CESA-2020:3253) | Nessus | CentOS Local Security Checks | high |
| 139419 | CentOS 7 : thunderbird (CESA-2020:3344) | Nessus | CentOS Local Security Checks | high |
| 139417 | CentOS 6 : firefox (CESA-2020:3233) | Nessus | CentOS Local Security Checks | high |
| 139406 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2147-1) | Nessus | SuSE Local Security Checks | high |
| 139400 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200806) | Nessus | Scientific Linux Local Security Checks | high |
| 139399 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200806) | Nessus | Scientific Linux Local Security Checks | high |
| 139376 | RHEL 6 : thunderbird (RHSA-2020:3345) | Nessus | Red Hat Local Security Checks | high |
| 139360 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2118-1) | Nessus | SuSE Local Security Checks | high |
| 139356 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1147) | Nessus | SuSE Local Security Checks | high |
| 139336 | RHEL 8 : thunderbird (RHSA-2020:3343) | Nessus | Red Hat Local Security Checks | high |
| 139335 | RHEL 8 : thunderbird (RHSA-2020:3342) | Nessus | Red Hat Local Security Checks | high |
| 139334 | RHEL 7 : thunderbird (RHSA-2020:3344) | Nessus | Red Hat Local Security Checks | high |
| 139333 | RHEL 8 : thunderbird (RHSA-2020:3341) | Nessus | Red Hat Local Security Checks | high |
| 139331 | RHEL 7 : firefox (RHSA-2020:3253) | Nessus | Red Hat Local Security Checks | high |
| 139318 | Mozilla Thunderbird < 78.1 | Nessus | Windows | high |
| 139317 | Mozilla Thunderbird < 78.1 | Nessus | MacOS X Local Security Checks | high |
| 139300 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20200730) | Nessus | Scientific Linux Local Security Checks | high |
| 139282 | SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:2100-1) | Nessus | SuSE Local Security Checks | high |
| 139279 | Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-213-01) | Nessus | Slackware Local Security Checks | high |
| 139278 | Oracle Linux 7 : firefox (ELSA-2020-3253) | Nessus | Oracle Linux Local Security Checks | medium |
| 139277 | Oracle Linux 8 : firefox (ELSA-2020-3241) | Nessus | Oracle Linux Local Security Checks | medium |
| 139276 | Oracle Linux 6 : firefox (ELSA-2020-3233) | Nessus | Oracle Linux Local Security Checks | medium |
| 139272 | GLSA-202007-64 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 139255 | Debian DSA-4740-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high |
| 139253 | Debian DLA-2310-1 : thunderbird security update | Nessus | Debian Local Security Checks | high |
| 139220 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200730) | Nessus | Scientific Linux Local Security Checks | high |
| 139210 | Debian DSA-4736-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high |
| 139201 | RHEL 8 : firefox (RHSA-2020:3254) | Nessus | Red Hat Local Security Checks | high |
| 139196 | RHEL 6 : firefox (RHSA-2020:3233) | Nessus | Red Hat Local Security Checks | high |
| 139190 | RHEL 8 : firefox (RHSA-2020:3229) | Nessus | Red Hat Local Security Checks | high |
| 139186 | RHEL 8 : firefox (RHSA-2020:3241) | Nessus | Red Hat Local Security Checks | high |
| 139185 | Mozilla Thunderbird < 68.11 | Nessus | Windows | high |
| 139184 | Mozilla Thunderbird < 68.11 | Nessus | MacOS X Local Security Checks | high |
| 139182 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Firefox vulnerabilities (USN-4443-1) | Nessus | Ubuntu Local Security Checks | high |
| 139123 | GLSA-202007-60 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 139097 | Debian DLA-2297-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high |
| 139074 | Mozilla Firefox ESR < 78.1 | Nessus | Windows | high |
| 139073 | Mozilla Firefox ESR < 78.1 | Nessus | MacOS X Local Security Checks | high |
| 139063 | Mozilla Firefox ESR < 68.11 | Nessus | Windows | high |
| 139062 | Mozilla Firefox ESR < 68.11 | Nessus | MacOS X Local Security Checks | high |
| 139040 | Mozilla Firefox < 79.0 | Nessus | Windows | high |
| 139039 | Mozilla Firefox < 79.0 | Nessus | MacOS X Local Security Checks | high |