cve/2020/CVE-2020-26962.md

### [CVE-2020-26962](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26962)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-origin%20iframes%20supported%20login%20autofill&color=brighgreen)

### Description

Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.

### POC

#### Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=610997
- https://bugzilla.mozilla.org/show_bug.cgi?id=610997

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2020-26962](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26962)`
			`![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-origin%20iframes%20supported%20login%20autofill&color=brighgreen)`

			`### Description`

			`Cross-origin iframes that contained a login form could have been recognized by the login autofill service, and populated. This could have been used in clickjacking attacks, as well as be read across partitions in dynamic first party isolation. This vulnerability affects Firefox < 83.`

			`### POC`

			`#### Reference`
			`- https://bugzilla.mozilla.org/show_bug.cgi?id=610997`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://bugzilla.mozilla.org/show_bug.cgi?id=610997`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`#### Github`
			`No PoCs found on GitHub currently.`