CVE-2020-15652 - Vulncode-DB

CVE-2020-15652 (NVD)

2020-08-10

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.

Products	Ubuntu_linux, Firefox, Firefox_esr, Thunderbird
Type	Origin Validation Error (CWE-346)
First patch	- None (likely due to unavailable code)
Links	• https://www.mozilla.org/security/advisories/mfsa2020-33/ • https://www.mozilla.org/security/advisories/mfsa2020-30/ • https://bugzilla.mozilla.org/show_bug.cgi?id=1634872 • https://www.mozilla.org/security/advisories/mfsa2020-32/ • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html More/Less (5) • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html • https://usn.ubuntu.com/4443-1/ • https://www.mozilla.org/security/advisories/mfsa2020-31/ • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html • https://www.mozilla.org/security/advisories/mfsa2020-35/