Bug 1872531 (CVE-2020-15664) - CVE-2020-15664 Mozilla: Attacker-induced prompt for extension installation
Summary: CVE-2020-15664 Mozilla: Attacker-induced prompt for extension installation
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-15664
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1870413 1870414 1870415 1870416 1870417 1870418 1870419 1873365 1873366 1873367 1873368 1873369 1873370 1873371
Blocks: 1870411
TreeView+ depends on / blocked
 
Reported: 2020-08-26 02:43 UTC by Doran Moppert
Modified: 2021-10-05 06:43 UTC (History)
4 users (show)

Fixed In Version: firefox 68.12, firefox 78.2, firefox 80, thunderbird 68.12, thunderbird 78.2
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-08-26 13:17:29 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:3555 0 None None None 2020-08-26 08:31:28 UTC
Red Hat Product Errata RHSA-2020:3556 0 None None None 2020-08-26 08:33:11 UTC
Red Hat Product Errata RHSA-2020:3557 0 None None None 2020-08-26 08:46:25 UTC
Red Hat Product Errata RHSA-2020:3558 0 None None None 2020-08-26 08:29:05 UTC
Red Hat Product Errata RHSA-2020:3559 0 None None None 2020-08-26 10:09:37 UTC
Red Hat Product Errata RHSA-2020:3631 0 None None None 2020-09-07 08:13:38 UTC
Red Hat Product Errata RHSA-2020:3632 0 None None None 2020-09-07 08:24:57 UTC
Red Hat Product Errata RHSA-2020:3633 0 None None None 2020-09-07 08:19:59 UTC
Red Hat Product Errata RHSA-2020:3634 0 None None None 2020-09-07 08:28:45 UTC
Red Hat Product Errata RHSA-2020:3643 0 None None None 2020-09-08 08:02:39 UTC

Description Doran Moppert 2020-08-26 02:43:36 UTC 
By holding a reference to the `eval()` function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15664
Comment 1 Doran Moppert 2020-08-26 02:43:40 UTC 
Acknowledgments:

Name: the Mozilla project
Upstream: Kaizer Soze
Comment 2 errata-xmlrpc 2020-08-26 08:29:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:3558 https://access.redhat.com/errata/RHSA-2020:3558
Comment 3 errata-xmlrpc 2020-08-26 08:31:25 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:3555 https://access.redhat.com/errata/RHSA-2020:3555
Comment 4 errata-xmlrpc 2020-08-26 08:33:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:3556 https://access.redhat.com/errata/RHSA-2020:3556
Comment 5 errata-xmlrpc 2020-08-26 08:46:22 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:3557 https://access.redhat.com/errata/RHSA-2020:3557
Comment 6 errata-xmlrpc 2020-08-26 10:09:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:3559 https://access.redhat.com/errata/RHSA-2020:3559
Comment 7 Product Security DevOps Team 2020-08-26 13:17:29 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-15664
Comment 13 errata-xmlrpc 2020-09-07 08:13:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:3631 https://access.redhat.com/errata/RHSA-2020:3631
Comment 14 errata-xmlrpc 2020-09-07 08:19:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:3633 https://access.redhat.com/errata/RHSA-2020:3633
Comment 15 errata-xmlrpc 2020-09-07 08:24:55 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Extended Update Support

Via RHSA-2020:3632 https://access.redhat.com/errata/RHSA-2020:3632
Comment 16 errata-xmlrpc 2020-09-07 08:28:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:3634 https://access.redhat.com/errata/RHSA-2020:3634
Comment 19 errata-xmlrpc 2020-09-08 08:02:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:3643 https://access.redhat.com/errata/RHSA-2020:3643
Note You need to log in before you can comment on or make changes to this bug.