CVE-2020-15677

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-15677

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15677.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-15677

Downstream

DEBIAN-CVE-2020-15677

DLA-2387-1

DLA-2408-1

DSA-4768-1

DSA-4770-1

RHSA-2020:3832

RHSA-2020:3833

RHSA-2020:3834

RHSA-2020:3835

RHSA-2020:4080

RHSA-2020:4155

RHSA-2020:4156

RHSA-2020:4157

RHSA-2020:4158

RHSA-2020:4163

SUSE-SU-2020:14502-1

SUSE-SU-2020:2747-1

SUSE-SU-2020:2749-1

SUSE-SU-2020:2759-1

SUSE-SU-2020:3091-1

UBUNTU-CVE-2020-15677

USN-4546-1

openSUSE-SU-2020:1555-1

openSUSE-SU-2020:1574-1

openSUSE-SU-2020:1780-1

openSUSE-SU-2020:1785-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Published

2020-10-01T19:15:13Z

Modified

2025-08-09T19:01:27Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

References

Affected packages