CVE-2020-26954
MEDIUMFirefox < 83.0 - Cross-Origin Attack via Malicious Intent Manifest
Title source: llmDescription
When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.
References (2)
Core 2
Core References
Issue Tracking, Permissions Required, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1657026
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2020-50/
Scores
CVSS v3
4.3
EPSS
0.0028
EPSS Percentile
51.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Details
Status
published
Products (1)
mozilla/firefox
< 83.0
Published
Dec 09, 2020
Tracked Since
Feb 18, 2026