{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "80", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "78.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "68.12", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "68.12", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "78.2", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox for Android", "vendor": "Mozilla", "versions": [{"lessThan": "80", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80."}], "problemTypes": [{"descriptions": [{"description": "Attacker-induced prompt for extension installation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-01T18:43:26", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-39/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-41/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-36/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-38/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-40/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-37/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1658214"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-15664", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "80"}]}}, {"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "78.2"}, {"version_affected": "<", "version_value": "68.12"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "68.12"}, {"version_affected": "<", "version_value": "78.2"}]}}, {"product_name": "Firefox for Android", "version": {"version_data": [{"version_affected": "<", "version_value": "80"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Attacker-induced prompt for extension installation"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2020-39/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-39/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-41/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-41/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-36/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-36/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-38/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-38/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-40/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-40/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-37/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-37/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1658214", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1658214"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:22:30.600Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-39/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-41/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-36/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-38/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-40/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-37/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1658214"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-15664", "datePublished": "2020-10-01T18:43:26", "dateReserved": "2020-07-10T00:00:00", "dateUpdated": "2024-08-04T13:22:30.600Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:-:*:*", "matchCriteriaId": "02FEC5B0-7705-414F-B2F7-BB6F82C1C04F", "versionEndExcluding": "80.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:android:*:*:*", "matchCriteriaId": "6DF920F9-0144-4585-8EB6-E1AEFDD3C666", "versionEndExcluding": "80.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "08650C9C-1E2B-4BFC-913A-08A8E92AFB0A", "versionEndExcluding": "78.2", "versionStartIncluding": "78.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "F9B827CE-70B0-41B2-9C42-AD7F33F66A56", "versionEndExcluding": "68.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "C12A0E2D-8E0D-48BA-A7BC-E21BE4E35397", "versionEndExcluding": "68.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "37E82BAB-B6B4-430E-A4FC-A83800A89B8E", "versionEndExcluding": "78.2", "versionStartIncluding": "78.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80."}, {"lang": "es", "value": "Al mantener una referencia a la funci\u00f3n eval() desde una ventana about:blank, una p\u00e1gina web maliciosa podr\u00eda haber conseguido acceso al objeto InstallTrigger, lo que le permitir\u00eda solicitar al usuario que instale una extensi\u00f3n.&#xa0;Combinado con la confusi\u00f3n del usuario, esto podr\u00eda resultar en la instalaci\u00f3n de una extensi\u00f3n maliciosa o involuntaria.&#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 80, Thunderbird versiones anteriores a 78.2, Thunderbird versiones anteriores a 68.12, Firefox ESR versiones anteriores a 68.12, Firefox ESR versiones anteriores a 78.2 y Firefox para Android versiones anteriores a 80"}], "id": "CVE-2020-15664", "lastModified": "2024-11-21T05:05:58.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-01T19:15:13.047", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1658214"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-36/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-37/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-38/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-39/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-40/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-41/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1658214"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-36/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-37/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-38/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-39/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-40/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-41/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Kaizer Soze as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:3558", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:68.12.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-08-26T00:00:00Z"}, {"advisory": "RHSA-2020:3643", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:68.12.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-09-08T00:00:00Z"}, {"advisory": "RHSA-2020:3556", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:68.12.0-1.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-08-26T00:00:00Z"}, {"advisory": "RHSA-2020:3631", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:68.12.0-1.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3557", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:78.2.0-2.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-08-26T00:00:00Z"}, {"advisory": "RHSA-2020:3634", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:68.12.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3555", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "firefox-0:78.2.0-3.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-08-26T00:00:00Z"}, {"advisory": "RHSA-2020:3633", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "thunderbird-0:68.12.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-09-07T00:00:00Z"}, {"advisory": "RHSA-2020:3559", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "firefox-0:78.2.0-3.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-08-26T00:00:00Z"}, {"advisory": "RHSA-2020:3632", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "thunderbird-0:68.12.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-09-07T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Attacker-induced prompt for extension installation", "id": "1872531", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1872531"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-648", "details": ["By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80."], "name": "CVE-2020-15664", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2020-08-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-15664\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15664\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15664"], "threat_severity": "Important"}