Vulnerability Details : CVE-2020-15665
Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80.
Products affected by CVE-2020-15665
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-15665
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 42 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-15665
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
NIST |
References for CVE-2020-15665
-
https://www.mozilla.org/security/advisories/mfsa2020-36/
Security Vulnerabilities fixed in Firefox 80 — MozillaRelease Notes;Vendor Advisory
-
https://bugzilla.mozilla.org/show_bug.cgi?id=1651636
1651636 - (CVE-2020-15665) Clicking "stay on page" (ie cancelling) in beforeunload dialogs should cause us to reset the URL barExploit;Issue Tracking;Vendor Advisory
Jump to