CVE-2020-26962
First published: Tue Nov 17 2020(Updated: )
Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <83 | 83 |
| <83 | 83 | |
| Mozilla Firefox | <83.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2020-26962?
CVE-2020-26962 is a vulnerability in Firefox versions prior to 83 that allows cross-origin iframes containing a login form to be recognized by the login autofill service and populated, which can be exploited in clickjacking attacks and across partitions in dynamic first-party isolation.
How does CVE-2020-26962 affect Firefox?
CVE-2020-26962 affects Firefox versions prior to 83.
What is the severity of CVE-2020-26962?
The severity of CVE-2020-26962 is medium with a CVSS score of 6.1.
How can CVE-2020-26962 be exploited?
CVE-2020-26962 can be exploited in clickjacking attacks and can allow the reading of information across partitions in dynamic first-party isolation.
What is the remedy for CVE-2020-26962?
The remedy for CVE-2020-26962 is to update Firefox to version 83 or later.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/event
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- agent/tags
- agent/description
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox