CVE-2020-12412
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
09/07/2020
Last modified:
13/07/2020
Description
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* | 70.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page