CVE-2020-15664

medium

Description

By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1658214

https://www.mozilla.org/security/advisories/mfsa2020-36/

https://www.mozilla.org/security/advisories/mfsa2020-37/

https://www.mozilla.org/security/advisories/mfsa2020-38/

https://www.mozilla.org/security/advisories/mfsa2020-39/

https://www.mozilla.org/security/advisories/mfsa2020-40/

https://www.mozilla.org/security/advisories/mfsa2020-41/

Details

Source: MITRE

Published: 2020-10-01

Updated: 2020-10-13

Type: CWE-863

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

58 total

ID | Name | Product | Family | Severity
150616 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14489-1) | Nessus | SuSE Local Security Checks | high
149335 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0025) | Nessus | NewStart CGSL Local Security Checks | high
147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical
147331 | NewStart CGSL MAIN 6.02 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0056) | Nessus | NewStart CGSL Local Security Checks | high
147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical
147288 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0011) | Nessus | NewStart CGSL Local Security Checks | high
147247 | NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0052) | Nessus | NewStart CGSL Local Security Checks | high
145909 | CentOS 8 : thunderbird (CESA-2020:3634) | Nessus | CentOS Local Security Checks | high
145857 | CentOS 8 : firefox (CESA-2020:3557) | Nessus | CentOS Local Security Checks | high
143033 | RHEL 8 : thunderbird (RHSA-2020:3633) | Nessus | Red Hat Local Security Checks | high
141108 | Amazon Linux 2 : thunderbird (ALAS-2020-1496) | Nessus | Amazon Linux Local Security Checks | high
140613 | Oracle Linux 7 : thunderbird (ELSA-2020-3631) | Nessus | Oracle Linux Local Security Checks | high
140585 | CentOS 7 : thunderbird (CESA-2020:3631) | Nessus | CentOS Local Security Checks | high
140584 | CentOS 6 : thunderbird (CESA-2020:3643) | Nessus | CentOS Local Security Checks | high
140568 | Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-256-01) | Nessus | Slackware Local Security Checks | high
140510 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1392) | Nessus | SuSE Local Security Checks | high
140509 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1391) | Nessus | SuSE Local Security Checks | high
140455 | Oracle Linux 6 : thunderbird (ELSA-2020-3643) | Nessus | Oracle Linux Local Security Checks | high
140445 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-1384) | Nessus | SuSE Local Security Checks | high
140444 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-1383) | Nessus | SuSE Local Security Checks | high
140441 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200908) | Nessus | Scientific Linux Local Security Checks | high
140440 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200908) | Nessus | Scientific Linux Local Security Checks | high
140436 | Oracle Linux 7 : firefox (ELSA-2020-3556) | Nessus | Oracle Linux Local Security Checks | high
140400 | RHEL 6 : thunderbird (RHSA-2020:3643) | Nessus | Red Hat Local Security Checks | high
140395 | Oracle Linux 8 : thunderbird (ELSA-2020-3634) | Nessus | Oracle Linux Local Security Checks | high
140394 | RHEL 8 : thunderbird (RHSA-2020:3634) | Nessus | Red Hat Local Security Checks | high
140393 | RHEL 8 : thunderbird (RHSA-2020:3632) | Nessus | Red Hat Local Security Checks | high
140389 | RHEL 7 : thunderbird (RHSA-2020:3631) | Nessus | Red Hat Local Security Checks | high
140388 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:2563-1) | Nessus | SuSE Local Security Checks | high
140386 | SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:2544-1) | Nessus | SuSE Local Security Checks | high
140265 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Firefox regressions (USN-4474-2) | Nessus | Ubuntu Local Security Checks | high
140123 | CentOS 7 : firefox (CESA-2020:3556) | Nessus | CentOS Local Security Checks | high
140119 | CentOS 6 : firefox (CESA-2020:3558) | Nessus | CentOS Local Security Checks | high
140103 | Debian DLA-2360-1 : thunderbird security update | Nessus | Debian Local Security Checks | high
140060 | Debian DSA-4754-1 : thunderbird - security update | Nessus | Debian Local Security Checks | high
140042 | Oracle Linux 8 : firefox (ELSA-2020-3557) | Nessus | Oracle Linux Local Security Checks | high
139928 | Debian DLA-2346-1 : firefox-esr security update | Nessus | Debian Local Security Checks | high
139909 | Oracle Linux 6 : firefox (ELSA-2020-3558) | Nessus | Oracle Linux Local Security Checks | high
139908 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Firefox vulnerabilities (USN-4474-1) | Nessus | Ubuntu Local Security Checks | high
139894 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20200826) | Nessus | Scientific Linux Local Security Checks | medium
139893 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200826) | Nessus | Scientific Linux Local Security Checks | high
139892 | GLSA-202008-16 : Mozilla Firefox, Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
139877 | Debian DSA-4749-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | high
139870 | Mozilla Thunderbird < 68.12 | Nessus | Windows | high
139869 | Mozilla Thunderbird < 68.12 | Nessus | MacOS X Local Security Checks | high
139868 | Mozilla Thunderbird < 78.2 | Nessus | Windows | high
139867 | Mozilla Thunderbird < 78.2 | Nessus | MacOS X Local Security Checks | high
139854 | RHEL 8 : firefox (RHSA-2020:3557) | Nessus | Red Hat Local Security Checks | high
139851 | RHEL 8 : firefox (RHSA-2020:3559) | Nessus | Red Hat Local Security Checks | high
139811 | RHEL 8 : firefox (RHSA-2020:3555) | Nessus | Red Hat Local Security Checks | high
139810 | RHEL 6 : firefox (RHSA-2020:3558) | Nessus | Red Hat Local Security Checks | high
139808 | RHEL 7 : firefox (RHSA-2020:3556) | Nessus | Red Hat Local Security Checks | high
139791 | Mozilla Firefox ESR < 78.2 | Nessus | Windows | high
139790 | Mozilla Firefox ESR < 78.2 | Nessus | MacOS X Local Security Checks | high
139789 | Mozilla Firefox < 80.0 | Nessus | Windows | high
139788 | Mozilla Firefox < 80.0 | Nessus | MacOS X Local Security Checks | high
139787 | Mozilla Firefox ESR < 68.12 | Nessus | Windows | high
139786 | Mozilla Firefox ESR < 68.12 | Nessus | MacOS X Local Security Checks | high