{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "79", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "68.11", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "78.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "68.11", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "78.1", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1."}], "problemTypes": [{"descriptions": [{"description": "Potential leak of redirect targets when loading scripts in a worker", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-08-18T13:06:13", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-30/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-35/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-32/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-33/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-31/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1634872"}, {"name": "openSUSE-SU-2020:1179", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html"}, {"name": "openSUSE-SU-2020:1189", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html"}, {"name": "openSUSE-SU-2020:1205", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html"}, {"name": "USN-4443-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4443-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-15652", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "79"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "68.11"}, {"version_affected": "<", "version_value": "78.1"}]}}, {"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "68.11"}, {"version_affected": "<", "version_value": "78.1"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Potential leak of redirect targets when loading scripts in a worker"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2020-30/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-30/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-35/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-35/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-32/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-32/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-33/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-33/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-31/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2020-31/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1634872", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1634872"}, {"name": "openSUSE-SU-2020:1179", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html"}, {"name": "openSUSE-SU-2020:1189", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html"}, {"name": "openSUSE-SU-2020:1205", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html"}, {"name": "USN-4443-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4443-1/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:22:30.541Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-30/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-35/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-32/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-33/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-31/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1634872"}, {"name": "openSUSE-SU-2020:1179", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html"}, {"name": "openSUSE-SU-2020:1189", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html"}, {"name": "openSUSE-SU-2020:1205", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html"}, {"name": "USN-4443-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4443-1/"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-15652", "datePublished": "2020-08-10T17:43:24", "dateReserved": "2020-07-10T00:00:00", "dateUpdated": "2024-08-04T13:22:30.541Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "89415068-6F07-4D38-9BE8-EAC175A310DF", "versionEndExcluding": "79.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7C6EE7F-C0DA-4347-8AC6-35309751B93C", "versionEndExcluding": "78.1", "versionStartIncluding": "78.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0267D9C-02C0-4057-AFBC-C14B11792AB2", "versionEndExcluding": "68.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "73C27FBD-A24E-4084-941F-A033A922268A", "versionEndExcluding": "68.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "D7CB2793-FCE0-4769-AFD4-4FF1CAB472C3", "versionEndExcluding": "78.1", "versionStartIncluding": "78.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1."}, {"lang": "es", "value": "Al observar el seguimiento de la pila de errores de JavaScript en los trabajadores web, fue posible filtrar el resultado de un redireccionamiento de origen cruzado. Esto se aplica solo al contenido que puede ser analizado como script. Esta vulnerabilidad afecta a Firefox versiones anteriores a 79, Firefox ESR versiones anteriores a 68.11, Firefox ESR versiones anteriores a 78.1, Thunderbird versiones anteriores a 68.11 y Thunderbird versiones anteriores a 78.1"}], "id": "CVE-2020-15652", "lastModified": "2024-10-21T13:55:03.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-10T18:15:12.297", "references": [{"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00022.html"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html"}, {"source": "security@mozilla.org", "tags": ["Broken Link"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00032.html"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1634872"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4443-1/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-30/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-31/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-32/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-33/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-35/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Mikhail Oblozhikhin as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:3233", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:68.11.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3345", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:68.11.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3253", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:68.11.0-1.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-07-30T00:00:00Z"}, {"advisory": "RHSA-2020:3344", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:68.11.0-1.el7_8", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3241", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:68.11.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-07-30T00:00:00Z"}, {"advisory": "RHSA-2020:3341", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:68.11.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3229", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "firefox-0:68.11.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-07-29T00:00:00Z"}, {"advisory": "RHSA-2020:3343", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "thunderbird-0:68.11.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-08-06T00:00:00Z"}, {"advisory": "RHSA-2020:3254", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "firefox-0:68.11.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-07-30T00:00:00Z"}, {"advisory": "RHSA-2020:3342", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "thunderbird-0:68.11.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-08-06T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Potential leak of redirect targets when loading scripts in a worker", "id": "1861570", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1861570"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-209", "details": ["By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1."], "name": "CVE-2020-15652", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "thunderbird", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2020-07-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-15652\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15652\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15652"], "threat_severity": "Important", "upstream_fix": "thunderbird 78.1, thunderbird 68.11, firefox 68.11"}