CVE-2020-15649

Severity CVSS v4.0:
Pending analysis
Type:
CWE-434 Unrestricted Upload of File with Dangerous Type
Publication date:
10/08/2020
Last modified:
12/08/2020

Description

Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* 68.11 (excluding)
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*