First published: Tue Nov 17 2020
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Thunderbird | <78.5 | 78.5 |
Firefox | <83 | 83 |
Firefox ESR | <78.5 | 78.5 |
The vulnerability ID of this issue is CVE-2020-26958.
The severity of CVE-2020-26958 is medium (4 on a scale of 1-10).
The software affected by CVE-2020-26958 includes Mozilla Firefox ESR versions before 78.5, Mozilla Firefox versions before 83, and Mozilla Thunderbird versions before 78.5.
CVE-2020-26958 could lead to a cross-site script inclusion vulnerability or a Content Security Policy bypass.
To fix CVE-2020-26958, update Mozilla Firefox ESR to version 78.5 or later, update Mozilla Firefox to version 83 or later, and update Mozilla Thunderbird to version 78.5 or later.