Vulnerability Details CVE-2020-15649
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.11.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.4%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
Products affected by CVE-2020-15649
-
cpe:2.3:a:mozilla:firefox_esr:-
-
cpe:2.3:a:mozilla:firefox_esr:10.0
-
cpe:2.3:a:mozilla:firefox_esr:10.0.1
-
cpe:2.3:a:mozilla:firefox_esr:10.0.10
-
cpe:2.3:a:mozilla:firefox_esr:10.0.11
-
cpe:2.3:a:mozilla:firefox_esr:10.0.12
-
cpe:2.3:a:mozilla:firefox_esr:10.0.2
-
cpe:2.3:a:mozilla:firefox_esr:10.0.3
-
cpe:2.3:a:mozilla:firefox_esr:10.0.4
-
cpe:2.3:a:mozilla:firefox_esr:10.0.5
-
cpe:2.3:a:mozilla:firefox_esr:10.0.6
-
cpe:2.3:a:mozilla:firefox_esr:10.0.7
-
cpe:2.3:a:mozilla:firefox_esr:10.0.8
-
cpe:2.3:a:mozilla:firefox_esr:10.0.9
-
cpe:2.3:a:mozilla:firefox_esr:17.0
-
cpe:2.3:a:mozilla:firefox_esr:17.0.1
-
cpe:2.3:a:mozilla:firefox_esr:17.0.10
-
cpe:2.3:a:mozilla:firefox_esr:17.0.11
-
cpe:2.3:a:mozilla:firefox_esr:17.0.2
-
cpe:2.3:a:mozilla:firefox_esr:17.0.3
-
cpe:2.3:a:mozilla:firefox_esr:17.0.4
-
cpe:2.3:a:mozilla:firefox_esr:17.0.5
-
cpe:2.3:a:mozilla:firefox_esr:17.0.6
-
cpe:2.3:a:mozilla:firefox_esr:17.0.7
-
cpe:2.3:a:mozilla:firefox_esr:17.0.8
-
cpe:2.3:a:mozilla:firefox_esr:17.0.9
-
cpe:2.3:a:mozilla:firefox_esr:24.0
-
cpe:2.3:a:mozilla:firefox_esr:24.0.1
-
cpe:2.3:a:mozilla:firefox_esr:24.0.2
-
cpe:2.3:a:mozilla:firefox_esr:24.1.0
-
cpe:2.3:a:mozilla:firefox_esr:24.1.1
-
cpe:2.3:a:mozilla:firefox_esr:24.2
-
cpe:2.3:a:mozilla:firefox_esr:24.3
-
cpe:2.3:a:mozilla:firefox_esr:24.4
-
cpe:2.3:a:mozilla:firefox_esr:24.5
-
cpe:2.3:a:mozilla:firefox_esr:24.6
-
cpe:2.3:a:mozilla:firefox_esr:24.7
-
cpe:2.3:a:mozilla:firefox_esr:24.8
-
cpe:2.3:a:mozilla:firefox_esr:31.0
-
cpe:2.3:a:mozilla:firefox_esr:31.1
-
cpe:2.3:a:mozilla:firefox_esr:31.1.0
-
cpe:2.3:a:mozilla:firefox_esr:31.1.1
-
cpe:2.3:a:mozilla:firefox_esr:31.2
-
cpe:2.3:a:mozilla:firefox_esr:31.3
-
cpe:2.3:a:mozilla:firefox_esr:31.3.0
-
cpe:2.3:a:mozilla:firefox_esr:31.4
-
cpe:2.3:a:mozilla:firefox_esr:31.5
-
cpe:2.3:a:mozilla:firefox_esr:31.5.1
-
cpe:2.3:a:mozilla:firefox_esr:31.5.2
-
cpe:2.3:a:mozilla:firefox_esr:31.5.3
-
cpe:2.3:a:mozilla:firefox_esr:31.6
-
cpe:2.3:a:mozilla:firefox_esr:31.7
-
cpe:2.3:a:mozilla:firefox_esr:31.8
-
cpe:2.3:a:mozilla:firefox_esr:38.0
-
cpe:2.3:a:mozilla:firefox_esr:38.0.1
-
cpe:2.3:a:mozilla:firefox_esr:38.0.5
-
cpe:2.3:a:mozilla:firefox_esr:38.1.0
-
cpe:2.3:a:mozilla:firefox_esr:38.1.1
-
cpe:2.3:a:mozilla:firefox_esr:38.2.0
-
cpe:2.3:a:mozilla:firefox_esr:38.2.1
-
cpe:2.3:a:mozilla:firefox_esr:38.3.0
-
cpe:2.3:a:mozilla:firefox_esr:38.4.0
-
cpe:2.3:a:mozilla:firefox_esr:38.5.0
-
cpe:2.3:a:mozilla:firefox_esr:38.5.1
-
cpe:2.3:a:mozilla:firefox_esr:38.5.2
-
cpe:2.3:a:mozilla:firefox_esr:38.6.0
-
cpe:2.3:a:mozilla:firefox_esr:38.6.1
-
cpe:2.3:a:mozilla:firefox_esr:38.7.0
-
cpe:2.3:a:mozilla:firefox_esr:38.7.1
-
cpe:2.3:a:mozilla:firefox_esr:38.8.0
-
cpe:2.3:a:mozilla:firefox_esr:45.0
-
cpe:2.3:a:mozilla:firefox_esr:45.0.1
-
cpe:2.3:a:mozilla:firefox_esr:45.0.2
-
cpe:2.3:a:mozilla:firefox_esr:45.1.0
-
cpe:2.3:a:mozilla:firefox_esr:45.1.1
-
cpe:2.3:a:mozilla:firefox_esr:45.2.0
-
cpe:2.3:a:mozilla:firefox_esr:45.3.0
-
cpe:2.3:a:mozilla:firefox_esr:45.4.0
-
cpe:2.3:a:mozilla:firefox_esr:45.5.0
-
cpe:2.3:a:mozilla:firefox_esr:45.5.1
-
cpe:2.3:a:mozilla:firefox_esr:45.6.0
-
cpe:2.3:a:mozilla:firefox_esr:45.7.0
-
cpe:2.3:a:mozilla:firefox_esr:45.8.0
-
cpe:2.3:a:mozilla:firefox_esr:45.9.0
-
cpe:2.3:a:mozilla:firefox_esr:52.0
-
cpe:2.3:a:mozilla:firefox_esr:52.1.0
-
cpe:2.3:a:mozilla:firefox_esr:52.1.1
-
cpe:2.3:a:mozilla:firefox_esr:52.1.2
-
cpe:2.3:a:mozilla:firefox_esr:52.2.0
-
cpe:2.3:a:mozilla:firefox_esr:52.2.1
-
cpe:2.3:a:mozilla:firefox_esr:52.3.0
-
cpe:2.3:a:mozilla:firefox_esr:52.4.0
-
cpe:2.3:a:mozilla:firefox_esr:52.4.1
-
cpe:2.3:a:mozilla:firefox_esr:52.5.0
-
cpe:2.3:a:mozilla:firefox_esr:52.5.2
-
cpe:2.3:a:mozilla:firefox_esr:52.5.3
-
cpe:2.3:a:mozilla:firefox_esr:52.6.0
-
cpe:2.3:a:mozilla:firefox_esr:52.7.0
-
cpe:2.3:a:mozilla:firefox_esr:52.7.1
-
cpe:2.3:a:mozilla:firefox_esr:52.7.2
-
cpe:2.3:a:mozilla:firefox_esr:52.7.3
-
cpe:2.3:a:mozilla:firefox_esr:52.7.4
-
cpe:2.3:a:mozilla:firefox_esr:52.8.0
-
cpe:2.3:a:mozilla:firefox_esr:52.8.1
-
cpe:2.3:a:mozilla:firefox_esr:52.9.0
-
cpe:2.3:a:mozilla:firefox_esr:53.0.0
-
cpe:2.3:a:mozilla:firefox_esr:60.0
-
cpe:2.3:a:mozilla:firefox_esr:60.0.1
-
cpe:2.3:a:mozilla:firefox_esr:60.0.2
-
cpe:2.3:a:mozilla:firefox_esr:60.1.0
-
cpe:2.3:a:mozilla:firefox_esr:60.2.0
-
cpe:2.3:a:mozilla:firefox_esr:60.2.2
-
cpe:2.3:a:mozilla:firefox_esr:60.3.0
-
cpe:2.3:a:mozilla:firefox_esr:60.4.0
-
cpe:2.3:a:mozilla:firefox_esr:60.5.0
-
cpe:2.3:a:mozilla:firefox_esr:60.6.0
-
cpe:2.3:a:mozilla:firefox_esr:60.6.1
-
cpe:2.3:a:mozilla:firefox_esr:60.6.2
-
cpe:2.3:a:mozilla:firefox_esr:60.6.3
-
cpe:2.3:a:mozilla:firefox_esr:60.7.0
-
cpe:2.3:a:mozilla:firefox_esr:60.7.1
-
cpe:2.3:a:mozilla:firefox_esr:60.7.2
-
cpe:2.3:a:mozilla:firefox_esr:60.8.0
-
cpe:2.3:a:mozilla:firefox_esr:60.9
-
cpe:2.3:a:mozilla:firefox_esr:60.9.0
-
cpe:2.3:a:mozilla:firefox_esr:68.0
-
cpe:2.3:a:mozilla:firefox_esr:68.0.1
-
cpe:2.3:a:mozilla:firefox_esr:68.0.2
-
cpe:2.3:a:mozilla:firefox_esr:68.1
-
cpe:2.3:a:mozilla:firefox_esr:68.1.0
-
cpe:2.3:a:mozilla:firefox_esr:68.10.0
-
cpe:2.3:a:mozilla:firefox_esr:68.3
-
cpe:2.3:a:mozilla:firefox_esr:68.3.0
-
cpe:2.3:a:mozilla:firefox_esr:68.4
-
cpe:2.3:a:mozilla:firefox_esr:68.4.0
-
cpe:2.3:a:mozilla:firefox_esr:68.4.1
-
cpe:2.3:a:mozilla:firefox_esr:68.5.0
-
cpe:2.3:a:mozilla:firefox_esr:68.6.0
-
cpe:2.3:a:mozilla:firefox_esr:68.6.1
-
cpe:2.3:a:mozilla:firefox_esr:68.7.0
-
cpe:2.3:a:mozilla:firefox_esr:68.8.0
-
cpe:2.3:a:mozilla:firefox_esr:68.9.0
-
cpe:2.3:o:google:android:-