The domain associated with the prompt to open an external protocol could be spoofed to display the incorrect origin - CVE-2020-15682ID: oval:org.secpod.oval:def:66263 | Date: (C)2020-10-21 (M)2024-03-27 |
Class: VULNERABILITY | Family: windows |
Mozilla Firefox 82: When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows 11 |
Microsoft Windows 7 |
Microsoft Windows 8.1 |
Microsoft Windows 10 |
Microsoft Windows Server 2008 |
Microsoft Windows Server 2008 R2 |
Microsoft Windows Server 2012 |
Microsoft Windows Server 2012 R2 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 1803 |
Microsoft Windows Server 1809 |
Microsoft Windows Server 1903 |
Microsoft Windows Server 1909 |
Microsoft Windows Server 2004 |