CVE-2020-15652

Summary

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 79affected
MozillaFirefox ESRunspecified < 68.11affected
MozillaFirefox ESRunspecified < 78.1affected
MozillaThunderbirdunspecified < 68.11affected
MozillaThunderbirdunspecified < 78.1affected

Weaknesses

  • Potential leak of redirect targets when loading scripts in a worker

ADP Enrichment

CVE Program Container

Additional References

References