CVE-2020-26962

MEDIUM

Firefox < 83.0 - Cross-Origin Iframe Login Form Autofill Spoofing

Title source: llm
STIX 2.1

Description

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.

References (2)

Core 2
Core References
Issue Tracking, Permissions Required, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=610997
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2020-50/

Scores

CVSS v3 6.1
EPSS 0.0022
EPSS Percentile 44.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-1021
Status published
Products (1)
mozilla/firefox < 83.0
Published Dec 09, 2020
Tracked Since Feb 18, 2026