Unrated severityNVD Advisory· Published Oct 1, 2020· Updated Aug 4, 2024
CVE-2020-15666
CVE-2020-15666
Description
When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox < 80 and Firefox for Android < 80.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6<80+ 1 more
- (no CPE)range: <80
- (no CPE)range: unspecified
<80+ 1 more
- (no CPE)range: <80
- (no CPE)range: unspecified
- osv-coords2 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweed
< 128.5.1-1.1+ 1 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 92.0-1.2
Patches
Vulnerability mechanics
References
3- bugzilla.mozilla.org/show_bug.cgimitrex_refsource_MISC
- www.mozilla.org/security/advisories/mfsa2020-36/mitrex_refsource_MISC
- www.mozilla.org/security/advisories/mfsa2020-39/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.