CVE-2020-26964

Published: Dec 9, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.

Vendor	Product	Versions
Mozilla	Firefox	affected `< 83`

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1658865

x_refsource_MISC

https://www.mozilla.org/security/advisories/mfsa2020-50/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-26964

Description

Affected Products

References