SB2020031413 - Spoofing attack in firefox (Alpine package)
Published: March 14, 2020
Security Bulletin ID
SB2020031413
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Spoofing attack (CVE-ID: CVE-2020-6810)
The vulnerability allows a remote attacker to perform spoofing attack.
After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks.
Remediation
Install update from vendor's website.