1829344 – (CVE-2020-6810) CVE-2020-6810 Mozilla: Focusing a popup while in fullscreen could have obscured the fullscreen notification

Bug 1829344 (CVE-2020-6810) - CVE-2020-6810 Mozilla: Focusing a popup while in fullscreen could have obscured the fullscreen notification

Summary: CVE-2020-6810 Mozilla: Focusing a popup while in fullscreen could have obscur...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2020-6810
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1829324
TreeView+	depends on / blocked

Reported:	2020-04-29 12:18 UTC by msiddiqu
Modified:	2021-02-26 08:32 UTC (History)
CC List:	3 users (show)
Fixed In Version:	firefox 74
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-04-29 16:32:07 UTC
Embargoed:

Attachments	(Terms of Use)

Description msiddiqu 2020-04-29 12:18:20 UTC

After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks.



External Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6810

Comment 1 msiddiqu 2020-04-29 12:18:25 UTC

Acknowledgments:

Name: the Mozilla project
Upstream: Avi Drissman (Chrome security team)

Comment 2 Product Security DevOps Team 2020-04-29 16:32:07 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-6810

Note You need to log in before you can comment on or make changes to this bug.