Unrated severity · NVD Advisory · Published Aug 10, 2020 · Updated Aug 4, 2024
CVE-2020-15658
Description
The code for downloading files did not properly take care of special characters, which led to an attacker being able to cut off the file ending at an earlier position, leading to a different file type being downloaded than shown in the dialog. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
Affected products
31 entries; osv-coords, 28 versions:
- pkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweed (no CPE), range: < 128.5.1-1.1
- pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.1 (no CPE), range: < 78.1.0-lp151.2.61.1
- pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 78.1.0-lp152.2.12.1
- pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed (no CPE), range: < 92.0-1.2
- pkg:rpm/opensuse/pipewire&distro=openSUSE%20Leap%2015.2 (no CPE), range: < 0.3.6-lp152.2.3.1
- pkg:rpm/suse/MozillaFirefox-branding-SLE&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 (no CPE), range: < 78-9.2.4
- pkg:rpm/suse/MozillaFirefox&distro=HPE%20Helion%20OpenStack%208 (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%205 (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 (no CPE), range: < 78.1.0-3.100.2
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 (no CPE), range: < 78.1.0-8.3.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS (no CPE), range: < 78.1.0-78.87.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCL (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSS (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSS (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%207 (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%208 (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%209 (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208 (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209 (no CPE), range: < 78.1.0-112.8.1
- pkg:rpm/suse/pipewire&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2 (no CPE), range: < 0.3.6-3.3.2
- Range: unspecified
- Range: unspecified
- Range: unspecified
Patches
No patches discovered yet.
References
- lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html (mitre, vendor-advisory, x_refsource_SUSE)
- usn.ubuntu.com/4443-1/ (mitre, vendor-advisory, x_refsource_UBUNTU)
- bugzilla.mozilla.org/show_bug.cgi (mitre, x_refsource_MISC)
- www.mozilla.org/security/advisories/mfsa2020-30/ (mitre, x_refsource_MISC)
- www.mozilla.org/security/advisories/mfsa2020-32/ (mitre, x_refsource_MISC)
- www.mozilla.org/security/advisories/mfsa2020-33/ (mitre, x_refsource_MISC)