CVE-2020-26962
N/A
N/A
Summary
Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Mozilla | Firefox | < 83 | affected |
Weaknesses
- Cross-origin iframes supported login autofill
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.mozilla.org/show_bug.cgi?id=610997
- https://www.mozilla.org/security/advisories/mfsa2020-50/
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=610997
- https://www.mozilla.org/security/advisories/mfsa2020-50/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.