Search for vulnerabilities
Vulnerability details: VCID-44s1-9g8d-bbam
Vulnerability ID VCID-44s1-9g8d-bbam
Aliases CVE-2020-6823
Summary A malicious extension could have called browser.identity.launchWebAuthFlow, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-358 Improperly Implemented Security Check for Standard
CWE-862 Missing Authorization
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6823.json
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00594 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
epss 0.00611 https://api.first.org/data/v1/epss?cve=CVE-2020-6823
cvssv3.1 7.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-6823
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-6823
archlinux Critical https://security.archlinux.org/AVG-1127
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2020-12
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6823.json
https://api.first.org/data/v1/epss?cve=CVE-2020-6823
https://bugzilla.mozilla.org/show_bug.cgi?id=1614919
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://www.mozilla.org/security/advisories/mfsa2020-12/
1821693 https://bugzilla.redhat.com/show_bug.cgi?id=1821693
ASA-202004-8 https://security.archlinux.org/ASA-202004-8
AVG-1127 https://security.archlinux.org/AVG-1127
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
CVE-2020-6823 https://nvd.nist.gov/vuln/detail/CVE-2020-6823
mfsa2020-12 https://www.mozilla.org/en-US/security/advisories/mfsa2020-12
USN-4323-1 https://usn.ubuntu.com/4323-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6823.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2020-6823
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-6823
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.68331
EPSS Score 0.00594
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:09:39.728920+00:00 Mozilla Importer Import https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2020/mfsa2020-12.yml 37.0.0