CVE-2020-15665

low-risk
Published 2020-10-01

Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80.

Do I need to act?

-
0.19% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Mozilla

References (4)

Exploit https://bugzilla.mozilla.org/show_bug.cgi?id=1651636
Release Notes https://www.mozilla.org/security/advisories/mfsa2020-36/
Exploit https://bugzilla.mozilla.org/show_bug.cgi?id=1651636
Release Notes https://www.mozilla.org/security/advisories/mfsa2020-36/
24
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal