Search for vulnerabilities
Vulnerability details: VCID-q7tp-8ke6-aaaj
Vulnerability ID VCID-q7tp-8ke6-aaaj
Aliases CVE-2020-15682
Summary When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-346 Origin Validation Error
System Score Found at
generic_textual Low http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15682.html
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00081 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00133 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
epss 0.00452 https://api.first.org/data/v1/epss?cve=CVE-2020-15682
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15682
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-15682
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15682
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2020-15682
archlinux Critical https://security.archlinux.org/AVG-1256
generic_textual Medium https://ubuntu.com/security/notices/USN-4599-1
generic_textual Medium https://ubuntu.com/security/notices/USN-4599-2
generic_textual high https://www.mozilla.org/en-US/security/advisories/mfsa2020-45
generic_textual Low https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15682
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-15682.html
https://api.first.org/data/v1/epss?cve=CVE-2020-15682
https://bugzilla.mozilla.org/show_bug.cgi?id=1636654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15682
https://ubuntu.com/security/notices/USN-4599-1
https://ubuntu.com/security/notices/USN-4599-2
https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15682
https://www.mozilla.org/security/advisories/mfsa2020-45/
ASA-202011-1 https://security.archlinux.org/ASA-202011-1
AVG-1256 https://security.archlinux.org/AVG-1256
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
CVE-2020-15682 https://nvd.nist.gov/vuln/detail/CVE-2020-15682
mfsa2020-45 https://www.mozilla.org/en-US/security/advisories/mfsa2020-45
USN-4599-1 https://usn.ubuntu.com/4599-1/
USN-4599-2 https://usn.ubuntu.com/4599-2/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-15682
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-15682
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-15682
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.34980
EPSS Score 0.00076
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.