### [CVE-2020-6808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6808)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2074%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=URL%20Spoofing%20via%20javascript%3A%20URL&color=brighgreen)

### Description

When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document's URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document. This vulnerability affects Firefox < 74.

### POC

#### Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1247968
- https://bugzilla.mozilla.org/show_bug.cgi?id=1247968

#### Github
No PoCs found on GitHub currently.