First published: Tue Apr 07 2020
A malicious extension could have called `browser.identity.launchWebAuthFlow`, controlling the `redirect_uri`, and, through the returned Promise, obtained the Auth code and gained access to the user's account at the service provider. This vulnerability affects Firefox < 75.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <75 | 75 |
Mozilla Firefox | <75.0 | |
debian/firefox | 132.0.1-1 | |
The vulnerability ID is CVE-2020-6823.
The severity level of CVE-2020-6823 is critical with a score of 9.8.
The software affected by CVE-2020-6823 is Mozilla Firefox versions before 75.
A malicious extension could call browser.identity.launchWebAuthFlow, controlling the redirect_uri to obtain the Auth code and gain access to the user's account at the service provider.
Updating to Mozilla Firefox version 75 or above fixes the vulnerability.