Vulnerabilities > CVE-2020-6813 - Unspecified vulnerability in Mozilla Firefox

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
mozilla
nessus

Summary

When protecting CSS blocks with the nonce feature of Content Security Policy, the @import statement in the CSS block could allow an attacker to inject arbitrary styles, bypassing the intent of the Content Security Policy. This vulnerability affects Firefox < 74.

Vulnerable Configurations

Part Description Count
Application
Mozilla
491

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_FIREFOX_74_0.NASL
    descriptionThe version of Firefox installed on the remote macOS or Mac OS X host is prior to 74.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-08 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-06
    modified2020-03-11
    plugin id134404
    published2020-03-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134404
    titleMozilla Firefox < 74.0 Multiple Vulnerabilities
  • NASL familyWindows
    NASL idMOZILLA_FIREFOX_74_0.NASL
    descriptionThe version of Firefox installed on the remote Windows host is prior to 74.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-08 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-05-06
    modified2020-03-11
    plugin id134405
    published2020-03-11
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134405
    titleMozilla Firefox < 74.0 Multiple Vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4299-1.NASL
    descriptionMultiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the URL or other browser chrome, obtain sensitive information, bypass Content Security Policy (CSP) protections, or execute arbitrary code. (CVE-2019-20503, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6808, CVE-2020-6810, CVE-2020-6812, CVE-2020-6813, CVE-2020-6814, CVE-2020-6815) It was discovered that Web Extensions with the all-url permission could access local files. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6809) It was discovered that the Devtools
    last seen2020-05-08
    modified2020-03-12
    plugin id134442
    published2020-03-12
    reporterUbuntu Security Notice (C) 2020 Canonical, Inc. / NASL script (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134442
    titleUbuntu 16.04 LTS / 18.04 LTS / 19.10 : firefox vulnerabilities (USN-4299-1)