CVE-2020-15650
First published: Tue Jul 28 2020(Updated: )
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). Note: This issue only affected Firefox for Android. Other operating systems are unaffected.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox ESR | <68.11 | 68.11 |
| <68.11 | 68.11 | |
| Mozilla Firefox ESR | <68.11 | |
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-15650.
What is the severity of CVE-2020-15650?
The severity of CVE-2020-15650 is medium.
Which operating systems are affected by CVE-2020-15650?
Only Firefox for Android is affected by CVE-2020-15650. Other operating systems are unaffected.
How can an attacker exploit CVE-2020-15650?
An attacker can exploit CVE-2020-15650 by using an installed malicious file picker application to overwrite local files and Firefox settings.
How can I fix CVE-2020-15650?
To fix CVE-2020-15650, update Firefox for Android to version 68.11 or later.
- collector/mozilla-advisory
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- source/Mozilla
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox esr
- vendor/google
- canonical/google android