CVE-2020-26964

Опубликовано: 09 дек. 2020

Источник: nvd

CVSS3: 6.8

CVSS2: 4

EPSS Низкий

Описание

If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 83.

Ссылки

https://bugzilla.mozilla.org/show_bug.cgi?id=1658865
Issue Tracking
Permissions Required
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-50/
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1658865
Issue Tracking
Permissions Required
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-50/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:android:*:*

Версия до 83.0 (исключая)

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Версия до 6.0 (исключая)

EPSS

Процентиль: 53%

0.00298

Низкий

6.8 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-26964

CVSS3: 6.8

ubuntu

около 5 лет назад

If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.

CVE-2020-26964

CVSS3: 6.8

debian

около 5 лет назад

If the Remote Debugging via USB feature was enabled in Firefox for And ...

GHSA-3x56-fp32-hw97

github

больше 3 лет назад

If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.

EPSS

Процентиль: 53%

0.00298

Низкий

6.8 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo