Published: 25/03/2020 Updated: 27/03/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

A security issue has been found in Firefox prior to 74 where, when a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Mozilla Foundation Security Advisory 2020-08 Security Vulnerabilities fixed in Firefox 74 Announced March 10, 2020 Impact high Products Firefox Fixed in Firefox 74 ...

A security issue has been found in Firefox before 74 where, when a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented Previously, this document's URL (as reported by the documentlocation property, for example) was the originating javascript: URL which cou ...

CWE-290 https://bugzilla.mozilla.org/show_bug.cgi?id=1247968 https://www.mozilla.org/security/advisories/mfsa2020-08/https://usn.ubuntu.com/4299-1/https://nvd.nist.gov https://security.archlinux.org/CVE-2020-6808

CVE-2020-6808

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect