First published: Tue Jul 28 2020(Updated: )
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox ESR | <68.11 | 68.11 |
<68.11 | 68.11 | |
Mozilla Firefox ESR | <68.11 | |
Google Android |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The severity of CVE-2020-15649 is medium.
The affected software of CVE-2020-15649 is Mozilla Firefox ESR version 68.11.
The impact of CVE-2020-15649 is that an attacker can steal and upload local files of their choosing.
To fix CVE-2020-15649, update Mozilla Firefox to version 68.11 or newer.
You can find more information about CVE-2020-15649 on the Mozilla website and Bugzilla.