CVE-2020-26976

CVE-2020-26976

Name

CVE-2020-26976

Description

When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://www.mozilla.org/security/advisories/mfsa2020-54/
Issue Tracking	https://bugzilla.mozilla.org/show_bug.cgi?id=1674343
Third Party Advisory	https://www.debian.org/security/2021/dsa-4840
Third Party Advisory	https://security.gentoo.org/glsa/202102-02
Third Party Advisory	https://www.debian.org/security/2021/dsa-4842
Mailing List	https://lists.debian.org/debian-lts-announce/2021/02/msg00001.html
Mailing List	https://lists.debian.org/debian-lts-announce/2021/02/msg00002.html

Type

URI

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2020-54/

Issue Tracking

https://bugzilla.mozilla.org/show_bug.cgi?id=1674343

Third Party Advisory

https://www.debian.org/security/2021/dsa-4840

Third Party Advisory

https://security.gentoo.org/glsa/202102-02

Third Party Advisory

https://www.debian.org/security/2021/dsa-4842