CVE-2020-12415

Summary

When "%2F" was present in a manifest URL, Firefox's AppCache behavior may have become confused and allowed a manifest to be served from a subdirectory. This could cause the appcache to be used to service requests for the top level directory. This vulnerability affects Firefox < 78.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 78affected

Weaknesses

  • AppCache manifest poisoning due to url encoded character processing

ADP Enrichment

CVE Program Container

Additional References

References