CVE-2020-6810

MEDIUM Year: 2020
CVSS v3 Score
4.3
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-290
View all →

Vulnerability Description

After a website had entered fullscreen mode, it could have used a previously opened popup to obscure the notification that indicates the browser is in fullscreen mode. Combined with spoofing the browser chrome, this could have led to confusing the user about the current origin of the page and credential theft or other attacks. This vulnerability affects Firefox < 74.

Related Vulnerabilities

CVE-2018-8383

MEDIUM
CVSS:4.3(Medium)

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-...

CWE-2902018

CVE-2018-8388

MEDIUM
CVSS:4.3(Medium)

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2...

CWE-2902018

CVE-2018-8425

MEDIUM
CVSS:4.3(Medium)

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.

CWE-2902018

CVE-2019-0608

MEDIUM
CVSS:4.3(Medium)

A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1357.

CWE-2902019

CVE-2019-1357

MEDIUM
CVSS:4.3(Medium)

A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-0608.

CWE-2902019

CVE-2019-13701

MEDIUM
CVSS:4.3(Medium)

Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

CWE-2902019