CVE-2020-15677

Summary

By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 81affected
MozillaThunderbirdunspecified < 78.3affected
MozillaFirefox ESRunspecified < 78.3affected

Weaknesses

  • Download origin spoofing via redirect

ADP Enrichment

CVE Program Container

Additional References

References