Back to search
CVE-2020-6823
Published: Apr 24, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>, controlling the redirect_uri, and through the Promise returned, obtain the Auth code and gain access to the user's account at the service provider. This vulnerability affects Firefox < 75.
| Vendor | Product | Versions |
|---|---|---|
Mozilla | Firefox | affected unspecified - < 75 |
References
https://www.mozilla.org/security/advisories/mfsa2020-12/
x_refsource_MISC
https://bugzilla.mozilla.org/show_bug.cgi?id=1614919
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now