CVE-2020-15677
CVSS 3.1: 6.1 (MEDIUM)
EPSS: 0.53%
Description
By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
How to fix CVE-2020-15677
To remediate CVE-2020-15677, upgrade the affected package to one of the fixed versions listed below.
- upgrade to 78.3.0esr-1 or later
- upgrade to 1:78.3.1-1 or later
Is CVE-2020-15677 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 78.3.0esr-1
- from 0, < 1:78.3.1-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |