CVE-2020-15658

Опубликовано: 28 июл. 2020

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	firefox	Not affected
Red Hat Enterprise Linux 5	thunderbird	Out of support scope
Red Hat Enterprise Linux 6	firefox	Will not fix
Red Hat Enterprise Linux 6	thunderbird	Will not fix
Red Hat Enterprise Linux 7	thunderbird	Will not fix
Red Hat Enterprise Linux 8	thunderbird	Will not fix
Red Hat Enterprise Linux 7	firefox	Fixed	RHSA-2020:4080	30.09.2020
Red Hat Enterprise Linux 8	firefox	Fixed	RHSA-2020:3557	26.08.2020
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions	firefox	Fixed	RHSA-2020:3555	26.08.2020
Red Hat Enterprise Linux 8.1 Extended Update Support	firefox	Fixed	RHSA-2020:3559	26.08.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-138

https://bugzilla.redhat.com/show_bug.cgi?id=1861647Mozilla: Overriding file type when saving to disk

EPSS

Процентиль: 66%

0.00525

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2020-15658

CVSS3: 6.5

ubuntu

около 5 лет назад

CVE-2020-15658

CVSS3: 6.5

nvd

около 5 лет назад

CVE-2020-15658

CVSS3: 6.5

debian

около 5 лет назад

The code for downloading files did not properly take care of special c ...

GHSA-5c48-vfr3-8jxq

CVSS3: 6.5

github

больше 3 лет назад

openSUSE-SU-2020:1189-1

suse-cvrf

около 5 лет назад

Security update for MozillaFirefox

EPSS

Процентиль: 66%

0.00525

Низкий

6.5 Medium

CVSS3