CVE-2020-26975 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-26975 Interim 1 12 2025-02-17T01:11:51Z current 2021-05-30T14:44:42Z 2025-02-17T01:11:51Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-26975 When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3HI2RC7AJAHY74Q6MK7GNGWU6TITB22V/ E-Mail link for openSUSE-SU-2024:14572-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed MozillaFirefox-92.0-1.2 MozillaFirefox-branding-upstream-92.0-1.2 MozillaFirefox-devel-92.0-1.2 MozillaFirefox-translations-common-92.0-1.2 MozillaFirefox-translations-other-92.0-1.2 firefox-esr-128.5.1-1.1 firefox-esr-branding-upstream-128.5.1-1.1 firefox-esr-translations-common-128.5.1-1.1 firefox-esr-translations-other-128.5.1-1.1 MozillaFirefox-92.0-1.2 as a component of openSUSE Tumbleweed MozillaFirefox-branding-upstream-92.0-1.2 as a component of openSUSE Tumbleweed MozillaFirefox-devel-92.0-1.2 as a component of openSUSE Tumbleweed MozillaFirefox-translations-common-92.0-1.2 as a component of openSUSE Tumbleweed MozillaFirefox-translations-other-92.0-1.2 as a component of openSUSE Tumbleweed firefox-esr-128.5.1-1.1 as a component of openSUSE Tumbleweed firefox-esr-branding-upstream-128.5.1-1.1 as a component of openSUSE Tumbleweed firefox-esr-translations-common-128.5.1-1.1 as a component of openSUSE Tumbleweed firefox-esr-translations-other-128.5.1-1.1 as a component of openSUSE Tumbleweed When a malicious application installed on the user's device broadcast an Intent to Firefox for Android, arbitrary headers could have been specified, leading to attacks such as abusing ambient authority or session fixation. This was resolved by only allowing certain safe-listed headers. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84. CVE-2020-26975 openSUSE Tumbleweed:MozillaFirefox-92.0-1.2 openSUSE Tumbleweed:MozillaFirefox-branding-upstream-92.0-1.2 openSUSE Tumbleweed:MozillaFirefox-devel-92.0-1.2 openSUSE Tumbleweed:MozillaFirefox-translations-common-92.0-1.2 openSUSE Tumbleweed:MozillaFirefox-translations-other-92.0-1.2 openSUSE Tumbleweed:firefox-esr-128.5.1-1.1 openSUSE Tumbleweed:firefox-esr-branding-upstream-128.5.1-1.1 openSUSE Tumbleweed:firefox-esr-translations-common-128.5.1-1.1 openSUSE Tumbleweed:firefox-esr-translations-other-128.5.1-1.1 important 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N