CVE-2020-15651
N/A
N/A
Summary
A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox for iOS | unspecified < 28 | affected |
Weaknesses
- Download Feature: unicode RTLO char can fake the file extension
ADP Enrichment
CVE Program Container
Additional References
- https://www.mozilla.org/security/advisories/mfsa2020-34/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1649160
References
- https://www.mozilla.org/security/advisories/mfsa2020-34/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1649160
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.