4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.002 Low
EPSS
Percentile
57.8%
An iframe sandbox element with the allow-popups flag could be bypassed when
using noopener links. This could have led to security issues for websites
relying on sandbox configurations that allowed popups and hosted arbitrary
content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and
Thunderbird < 78.1.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | firefox | < 79.0+build1-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 20.04 | noarch | firefox | < 79.0+build1-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 20.10 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 21.04 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 23.04 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 23.10 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
ubuntu | 24.04 | noarch | firefox | < 80.0.1+build1-0ubuntu1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2020-15653
nvd.nist.gov/vuln/detail/CVE-2020-15653
security-tracker.debian.org/tracker/CVE-2020-15653
ubuntu.com/security/notices/USN-4443-1
www.cve.org/CVERecord?id=CVE-2020-15653
www.mozilla.org/en-US/security/advisories/mfsa2020-30/#CVE-2020-15653
www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15653
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.002 Low
EPSS
Percentile
57.8%