VDB
CVE-2020-26975
CVE-2020-26975
PUBLISHED
Reported by mozilla · Published January 7, 2021
When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | unspecified |
| alpine | librewolf | 0, 0, 0 |
| Mozilla | Firefox | unspecified |
| alpine | firefox | 0, 0, 0 |
Timeline
- Jan 7, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score