CVE-2020-6828
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.<br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7.
Una aplicación de Android maliciosa podría crear un Intent que habría sido procesado por Firefox para Android y resulta potencialmente en la sobrescritura de un archivo en el directorio del perfil del usuario. Un vector de explotación para esto sería suministrar un archivo user.js que proporcione valores arbitrarios de preferencia maliciosa. El control de las preferencias arbitrarias puede conllevar a un compromiso suficiente de modo que generalmente sea equivalente a una ejecución de código arbitraria. (br) *Nota: Este problema solo afecta a Firefox para Android. Otros sistemas operativos no están afectados.*. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 68.7.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-10 CVE Reserved
- 2020-04-24 CVE Published
- 2023-03-31 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.mozilla.org/security/advisories/mfsa2020-13 | 2021-07-21 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mozilla Search vendor "Mozilla" | Firefox Esr Search vendor "Mozilla" for product "Firefox Esr" | < 68.7.0 Search vendor "Mozilla" for product "Firefox Esr" and version " < 68.7.0" | - |
Affected
| in | Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | - | - |
Safe
|