By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2020-07-09T14:47:46
Updated: 2024-08-04T11:56:52.061Z
Reserved: 2020-04-28T00:00:00
Link: CVE-2020-12412
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-07-09T15:15:11.473
Modified: 2020-07-13T01:21:12.713
Link: CVE-2020-12412
Redhat