CVE-2020-15665
MEDIUMFirefox < 80.0 - URL Spoofing via Address Bar Not Reset After beforeunload Dialog
Title source: llmDescription
Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80.
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2020-36/
Exploit, Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1651636
Scores
CVSS v3
4.3
EPSS
0.0019
EPSS Percentile
39.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
Status
published
Products (1)
mozilla/firefox
< 80.0
Published
Oct 01, 2020
Tracked Since
Feb 18, 2026