2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2020-15654" ,
"sourceIdentifier" : "security@mozilla.org" ,
"published" : "2020-08-10T18:15:12.437" ,
2024-11-23 13:10:58 +00:00
"lastModified" : "2024-11-21T05:05:57.160" ,
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "When in an endless loop, a website specifying a custom cursor using CSS could make it look like the user is interacting with the user interface, when they are not. This could lead to a perceived broken state, especially when interactions with existing browser dialogs and warnings do not work. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1."
} ,
{
"lang" : "es" ,
"value" : "Cuando en un bucle infinito, un sitio web que especifica un cursor personalizado usando CSS podr\u00eda hacer que parezca que el usuario est\u00e1 interactuando con la interfaz de usuario, cuando no es as\u00ed. Esto podr\u00eda conllevar a un estado roto percibido, especialmente cuando las interacciones con los di\u00e1logos y advertencias del navegador existentes no funcionan. Esta vulnerabilidad afecta a Firefox ESR versiones anteriores a 78.1, Firefox versiones anteriores a 79 y Thunderbird versiones anteriores a 78.1"
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" ,
2024-11-23 13:10:58 +00:00
"baseScore" : 6.5 ,
"baseSeverity" : "MEDIUM" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "HIGH" ,
2024-11-23 13:10:58 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 2.8 ,
"impactScore" : 3.6
}
] ,
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:M/Au:N/C:N/I:P/A:N" ,
2024-11-23 13:10:58 +00:00
"baseScore" : 4.3 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "MEDIUM" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "NONE" ,
"integrityImpact" : "PARTIAL" ,
2024-11-23 13:10:58 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 8.6 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : true
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-835"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "79.0" ,
"matchCriteriaId" : "89415068-6F07-4D38-9BE8-EAC175A310DF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "78.1" ,
"matchCriteriaId" : "E1B90123-60A0-407C-BCCD-083FA3FEECCC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "78.1" ,
"matchCriteriaId" : "B31A7BCE-C606-43F5-ABAA-F76B75BFDF3C"
}
]
}
]
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" ,
"matchCriteriaId" : "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" ,
"matchCriteriaId" : "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" ,
"matchCriteriaId" : "902B8056-9E37-443B-8905-8AA93E2447FB"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html" ,
"source" : "security@mozilla.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1648333" ,
"source" : "security@mozilla.org" ,
"tags" : [
"Issue Tracking" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://usn.ubuntu.com/4443-1/" ,
"source" : "security@mozilla.org" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.mozilla.org/security/advisories/mfsa2020-30/" ,
"source" : "security@mozilla.org" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://www.mozilla.org/security/advisories/mfsa2020-32/" ,
"source" : "security@mozilla.org" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://www.mozilla.org/security/advisories/mfsa2020-33/" ,
"source" : "security@mozilla.org" ,
"tags" : [
"Vendor Advisory"
]
2024-11-23 13:10:58 +00:00
} ,
{
"url" : "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00025.html" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1648333" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Issue Tracking" ,
"Vendor Advisory"
]
} ,
{
"url" : "https://usn.ubuntu.com/4443-1/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory"
]
} ,
{
"url" : "https://www.mozilla.org/security/advisories/mfsa2020-30/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://www.mozilla.org/security/advisories/mfsa2020-32/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://www.mozilla.org/security/advisories/mfsa2020-33/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
