CVE-2020-6809

Summary

When a Web Extension had the all-urls permission and made a fetch request with a mode set to 'same-origin', it was possible for the Web Extension to read local files. This vulnerability affects Firefox < 74.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 74affected

Weaknesses

  • Web Extensions with the all-urls permission could access local files

ADP Enrichment

CVE Program Container

Additional References

References