CVE-2020-26967
MEDIUMFirefox < 83.0 - Unauthenticated Unexpected Behavior via Mutation Observer Confusion
Title source: llmDescription
When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code. This vulnerability affects Firefox < 83.
References (2)
Core 2
Core References
Issue Tracking, Permissions Required, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1665820
Vendor Advisory x_refsource_confirm
https://www.mozilla.org/security/advisories/mfsa2020-50/
Scores
CVSS v3
6.5
EPSS
0.0028
EPSS Percentile
51.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
Status
published
Products (1)
mozilla/firefox
< 83.0
Published
Dec 09, 2020
Tracked Since
Feb 18, 2026