CVE-2020-26967
First published: Tue Nov 17 2020(Updated: )
When listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This would lead to internal errors and unexpected behavior in the Screenshots code.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Firefox | <83 | 83 |
| <83 | 83 | |
| Mozilla Firefox | <83.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is CVE-2020-26967?
CVE-2020-26967 is a vulnerability in Firefox that allows a malicious web page to confuse Firefox Screenshots into interacting with injected elements, leading to internal errors and unexpected behavior.
Which software is affected by CVE-2020-26967?
Mozilla Firefox versions up to exclusive version 83.0 are affected by CVE-2020-26967.
How severe is CVE-2020-26967?
CVE-2020-26967 has a severity rating of 6.5 (Medium).
How can I fix CVE-2020-26967?
To fix CVE-2020-26967, update your Mozilla Firefox browser to version 83.0 or higher.
Where can I find more information about CVE-2020-26967?
You can find more information about CVE-2020-26967 on the Mozilla website and bugzilla.mozilla.org.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/author
- agent/severity
- agent/references
- agent/event
- agent/description
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- agent/tags
- collector/nvd-index
- collector/mitre-cve
- source/MITRE
- vendor/mozilla
- canonical/mozilla firefox