Vulnerabilities > CVE-2020-26962 - Improper Restriction of Rendered UI Layers or Frames vulnerability in Mozilla Firefox

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
mozilla
CWE-1021
NVD
Published: 2020-12-09
Updated: 2020-12-10

Summary

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.

Vulnerable Configurations

Part Description Count
Application
Mozilla
685

Common Weakness Enumeration (CWE)

References