Vulnerabilities > CVE-2020-15648 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1644076
- https://bugzilla.mozilla.org/show_bug.cgi?id=1644076
- https://www.mozilla.org/security/advisories/mfsa2020-28/
- https://www.mozilla.org/security/advisories/mfsa2020-28/
- https://www.mozilla.org/security/advisories/mfsa2020-29/
- https://www.mozilla.org/security/advisories/mfsa2020-29/