What is CVE-2020-35111?

CVE-2020-35111 is a vulnerability in Mozilla Firefox and Thunderbird that allowed the proxy.onRequest callback to not be triggered for view-source URLs, potentially leading to IP address leakage.

Which products are affected by CVE-2020-35111?

Mozilla Firefox versions up to and exclusive of 84, Mozilla Thunderbird versions up to and exclusive of 78.6, and Mozilla Firefox ESR versions up to and exclusive of 78.6 are affected by CVE-2020-35111.

What is the severity of CVE-2020-35111?

CVE-2020-35111 is classified as a low severity vulnerability.

How can I remediate CVE-2020-35111?

To fix CVE-2020-35111, update to the latest version of Mozilla Firefox, Thunderbird, or Firefox ESR, depending on the product you are using.

Where can I find more information about CVE-2020-35111?

You can find more information about CVE-2020-35111 in the following references: [Mozilla Bugzilla - CVE-2020-35111](https://bugzilla.mozilla.org/show_bug.cgi?id=1657916), [Mozilla Security Advisory - MFSA2020-54](https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/), [Mozilla Security Advisory - MFSA2020-56](https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/).

Vulnerability/
CVE-2020-35111

medium

4.3

15/12/2020

7/1/2021

4/8/2024

CVE-2020-35111

First published: Tue Dec 15 2020(Updated: )

When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address.

Credit: security@mozilla.org

Affected Software	Affected Version	How to fix
Mozilla Firefox	<84	84
	<84	84
	<78.6	78.6
	<78.6	78.6
Mozilla Firefox	<84.0
Mozilla Firefox ESR	<78.6.0
Mozilla Thunderbird	<78.6.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2020-35111?
CVE-2020-35111 is a vulnerability in Mozilla Firefox and Thunderbird that allowed the proxy.onRequest callback to not be triggered for view-source URLs, potentially leading to IP address leakage.
Which products are affected by CVE-2020-35111?
Mozilla Firefox versions up to and exclusive of 84, Mozilla Thunderbird versions up to and exclusive of 78.6, and Mozilla Firefox ESR versions up to and exclusive of 78.6 are affected by CVE-2020-35111.
What is the severity of CVE-2020-35111?
CVE-2020-35111 is classified as a low severity vulnerability.
How can I remediate CVE-2020-35111?
To fix CVE-2020-35111, update to the latest version of Mozilla Firefox, Thunderbird, or Firefox ESR, depending on the product you are using.
Where can I find more information about CVE-2020-35111?
You can find more information about CVE-2020-35111 in the following references: [Mozilla Bugzilla - CVE-2020-35111](https://bugzilla.mozilla.org/show_bug.cgi?id=1657916), [Mozilla Security Advisory - MFSA2020-54](https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/), [Mozilla Security Advisory - MFSA2020-56](https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/).

agent/type
agent/first-publish-date
agent/softwarecombine
agent/references
agent/author
agent/severity
collector/mozilla-advisory
source/Mozilla
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/description
collector/nvd-index
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/event
agent/trending
vendor/mozilla
canonical/mozilla firefox esr
canonical/mozilla thunderbird
canonical/mozilla firefox