Vulnerability Details : CVE-2020-6810
After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74.
Exploit prediction scoring system (EPSS) score for CVE-2020-6810
Probability of exploitation activity in the next 30 days: 0.08%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 35 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-6810
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
|
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2020-6810
-
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-6810
-
https://www.mozilla.org/security/advisories/mfsa2020-08/
Security Vulnerabilities fixed in Firefox 74 — MozillaVendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1432856
1432856 - (CVE-2020-6810) Popup window can cover fullscreen security UIIssue Tracking;Vendor Advisory
Products affected by CVE-2020-6810
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*