Vulnerability Description
When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the desired, entered address. To construct a convincing spoof the attacker would have had to guess what the user was typing, perhaps by suggesting it. This vulnerability affects Firefox < 84.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 84.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1641287%2C1673299ExploitIssue TrackingPatch
- https://www.mozilla.org/security/advisories/mfsa2020-54/Vendor Advisory
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1641287%2C1673299ExploitIssue TrackingPatch
- https://www.mozilla.org/security/advisories/mfsa2020-54/Vendor Advisory
FAQ
What is CVE-2020-26979?
CVE-2020-26979 is a vulnerability with a CVSS score of 6.1 (MEDIUM). When a user typed a URL in the address bar or the search bar and quickly hit the enter key, a website could sometimes capture that event and then redirect the user before navigation occurred to the de...
How severe is CVE-2020-26979?
CVE-2020-26979 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26979?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.