CVE-2020-26962

Summary

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox< 83affected

Weaknesses

  • Cross-origin iframes supported login autofill

ADP Enrichment

CVE Program Container

Additional References

References