Vulnerabilities > CVE-2020-35111 - Unspecified vulnerability in Mozilla Firefox ESR
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
Vulnerable Configurations
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1657916
- https://bugzilla.mozilla.org/show_bug.cgi?id=1657916
- https://www.mozilla.org/security/advisories/mfsa2020-54/
- https://www.mozilla.org/security/advisories/mfsa2020-54/
- https://www.mozilla.org/security/advisories/mfsa2020-55/
- https://www.mozilla.org/security/advisories/mfsa2020-55/
- https://www.mozilla.org/security/advisories/mfsa2020-56/
- https://www.mozilla.org/security/advisories/mfsa2020-56/