CVE-2020-12424

Summary

When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission; bypassing the prompt. This vulnerability affects Firefox < 78.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 78affected

Weaknesses

  • WebRTC permission prompt could have been bypassed by a compromised content process

ADP Enrichment

CVE Program Container

Additional References

References