Vulnerability Description
After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 74.0 |
Related Weaknesses (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1432856Issue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2020-08/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1432856Issue TrackingVendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2020-08/Vendor Advisory
FAQ
What is CVE-2020-6810?
CVE-2020-6810 is a vulnerability with a CVSS score of 4.3 (MEDIUM). After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the brows...
How severe is CVE-2020-6810?
CVE-2020-6810 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-6810?
Check the references section above for vendor advisories and patch information. Affected products include: Mozilla Firefox.