CVE-2020-15647

Published: 10 August 2020

A Content Provider in Firefox for Android allowed local files accessible by the browser to be read by a remote webpage, leading to sensitive data disclosure, including cookies for other origins. This vulnerability affects Firefox for < Android.

Priority

Medium

CVSS 3 base score: 7.4

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream Not vulnerable
(debian: Only affects Firefox for Android)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist