CVE-2020-15677
MEDIUM
Firefox < 81.0, Firefox ESR < 78.3, Thunderbird < 78.3 - Open Redirect via Download File Dialog
Title source: llm
Description
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
References (9)
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2020-43/
Release Notes, Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2020-44/
Release Notes, Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2020-42/
Issue Tracking, Permissions Required, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1641487
Third Party Advisory vendor-advisory
x_refsource_debian
https://www.debian.org/security/2020/dsa-4770
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00020.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202010-02
Broken Link, Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.html
Broken Link, Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.html
Scores
CVSS v3
6.1
EPSS
0.0053
EPSS Percentile
67.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-601
Status
published
Products (7)
debian/debian_linux
9.0
debian/debian_linux
10.0
mozilla/firefox
< 81.0
mozilla/firefox_esr
< 78.3
mozilla/thunderbird
< 78.3
opensuse/leap
15.1
opensuse/leap
15.2
Published
Oct 01, 2020
Tracked Since
Feb 18, 2026