The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.<br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.
Base Score: 6.4
Impact Score: 4.9
Exploitability Score: 10
Base Score: 7.5
Impact Score: 3.6
Exploitability Score: 3.9
|150672||SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14339-1)||Nessus||SuSE Local Security Checks|
|135446||openSUSE Security Update : MozillaFirefox (openSUSE-2020-493)||Nessus||SuSE Local Security Checks|
|135397||SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0978-1)||Nessus||SuSE Local Security Checks|
|135396||SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0971-1)||Nessus||SuSE Local Security Checks|
|135280||Slackware 14.2 / current : mozilla-firefox (SSA:2020-098-01)||Nessus||Slackware Local Security Checks|
|135274||Mozilla Firefox ESR < 68.7 Multiple Vulnerabilities (mfsa2020-13)||Nessus||Windows|
|135273||Mozilla Firefox ESR < 68.7 Multiple Vulnerabilities (mfsa2020-13)||Nessus||MacOS X Local Security Checks|