Home > Vulnerability Database > CVE-2020-26964

Mend.io Vulnerability Database

CVE-2020-26964

Date: December 8, 2020

If the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privileges of the browser to read and interact with web content. The feature was implemented as a unix domain socket, protected by the Android SELinux policy; however, SELinux was not enforced for versions prior to 6.0. This was fixed by removing the Remote Debugging via USB feature from affected devices. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83.

Severity Score

6.8

Related Resources (5)

Url: https://www.mozilla.org/security/advisories/mfsa2020-50/

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-26964

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1658865

Url: https://security.alpinelinux.org/vuln/CVE-2020-26964

Url: https://www.mend.io/vulnerability-database/CVE-2020-26964

Severity Score

6.8

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	HIGH
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-26964

Date: December 8, 2020

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?