Origin Validation Error
CVE-2020-15652
Summary
By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.
- LOW
- NETWORK
- NONE
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- NONE
CWE-346 - Origin Validation Error
The software does not properly verify that the source of data or communication is valid.
References
Advisory Timeline
- Published
