UBUNTU-CVE-2020-15653
- Source
- https://ubuntu.com/security/CVE-2020-15653
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-15653.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-15653
- Upstream
- Downstream
- Related
- Published
- 2020-07-29T00:00:00Z
- Modified
- 2026-01-30T01:00:40.426130Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
An iframe sandbox element with the allow-popups flag could be bypassed when using noopener links. This could have led to security issues for websites relying on sandbox configurations that allowed popups and hosted arbitrary content. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
- References
Affected packages
Ubuntu:16.04:LTS
firefox
Package
- Name
- firefox
- Purl
- pkg:deb/ubuntu/firefox@79.0+build1-0ubuntu0.16.04.2?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed79.0+build1-0ubuntu0.16.04.2
Affected versions
41.*
41.0.2+build2-0ubuntu1
42.*
42.0+build2-0ubuntu1
44.*
44.0+build3-0ubuntu2
44.0.1+build1-0ubuntu1
44.0.2+build1-0ubuntu1
45.*
45.0+build2-0ubuntu1
45.0.1+build1-0ubuntu1
45.0.2+build1-0ubuntu1
46.*
46.0+build5-0ubuntu0.16.04.2
46.0.1+build1-0ubuntu0.16.04.2
47.*
47.0+build3-0ubuntu0.16.04.1
48.*
48.0+build2-0ubuntu0.16.04.1
49.*
49.0+build4-0ubuntu0.16.04.1
49.0.2+build2-0ubuntu0.16.04.2
50.*
50.0+build2-0ubuntu0.16.04.2
50.0.2+build1-0ubuntu0.16.04.1
50.1.0+build2-0ubuntu0.16.04.1
51.*
51.0.1+build2-0ubuntu0.16.04.1
51.0.1+build2-0ubuntu0.16.04.2
52.*
52.0+build2-0ubuntu0.16.04.1
52.0.1+build2-0ubuntu0.16.04.1
52.0.2+build1-0ubuntu0.16.04.1
53.*
53.0+build6-0ubuntu0.16.04.1
53.0.2+build1-0ubuntu0.16.04.2
53.0.3+build1-0ubuntu0.16.04.2
54.*
54.0+build3-0ubuntu0.16.04.1
55.*
55.0.1+build2-0ubuntu0.16.04.2
55.0.2+build1-0ubuntu0.16.04.1
56.*
56.0+build6-0ubuntu0.16.04.1
56.0+build6-0ubuntu0.16.04.2
57.*
57.0+build4-0ubuntu0.16.04.5
57.0+build4-0ubuntu0.16.04.6
57.0.1+build2-0ubuntu0.16.04.1
57.0.3+build1-0ubuntu0.16.04.1
57.0.4+build1-0ubuntu0.16.04.1
58.*
58.0+build6-0ubuntu0.16.04.1
58.0.1+build1-0ubuntu0.16.04.1
58.0.2+build1-0ubuntu0.16.04.1
59.*
59.0+build5-0ubuntu0.16.04.1
59.0.1+build1-0ubuntu0.16.04.1
59.0.2+build1-0ubuntu0.16.04.1
59.0.2+build1-0ubuntu0.16.04.3
60.*
60.0+build2-0ubuntu0.16.04.1
60.0.1+build2-0ubuntu0.16.04.1
60.0.2+build1-0ubuntu0.16.04.1
61.*
61.0+build3-0ubuntu0.16.04.2
61.0.1+build1-0ubuntu0.16.04.1
62.*
62.0+build2-0ubuntu0.16.04.3
62.0+build2-0ubuntu0.16.04.4
62.0+build2-0ubuntu0.16.04.5
62.0.3+build1-0ubuntu0.16.04.2
63.*
63.0+build2-0ubuntu0.16.04.2
63.0.3+build1-0ubuntu0.16.04.1
64.*
64.0+build3-0ubuntu0.16.04.1
65.*
65.0+build2-0ubuntu0.16.04.1
65.0.1+build2-0ubuntu0.16.04.1
66.*
66.0+build3-0ubuntu0.16.04.2
66.0.1+build1-0ubuntu0.16.04.1
66.0.2+build1-0ubuntu0.16.04.1
66.0.3+build1-0ubuntu0.16.04.1
66.0.4+build3-0ubuntu0.16.04.1
66.0.5+build1-0ubuntu0.16.04.1
67.*
67.0+build2-0ubuntu0.16.04.1
67.0.1+build1-0ubuntu0.16.04.1
67.0.2+build2-0ubuntu0.16.04.1
67.0.3+build1-0ubuntu0.16.04.1
67.0.4+build1-0ubuntu0.16.04.1
68.*
68.0+build3-0ubuntu0.16.04.1
68.0.1+build1-0ubuntu0.16.04.1
68.0.2+build1-0ubuntu0.16.04.1
69.*
69.0+build2-0ubuntu0.16.04.4
69.0.1+build1-0ubuntu0.16.04.1
69.0.2+build1-0ubuntu0.16.04.1
70.*
70.0+build2-0ubuntu0.16.04.1
70.0.1+build1-0ubuntu0.16.04.1
71.*
71.0+build5-0ubuntu0.16.04.1
72.*
72.0.1+build1-0ubuntu0.16.04.1
72.0.2+build1-0ubuntu0.16.04.1
73.*
73.0.1+build1-0ubuntu0.16.04.1
74.*
74.0+build3-0ubuntu0.16.04.1
74.0.1+build1-0ubuntu0.16.04.1
75.*
75.0+build3-0ubuntu0.16.04.1
76.*
76.0+build2-0ubuntu0.16.04.1
76.0.1+build1-0ubuntu0.16.04.1
77.*
77.0.1+build1-0ubuntu0.16.04.1
78.*
78.0.1+build1-0ubuntu0.16.04.1
78.0.2+build2-0ubuntu0.16.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "79.0+build1-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-dev",
"binary_version": "79.0+build1-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "79.0+build1-0ubuntu0.16.04.2"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "79.0+build1-0ubuntu0.16.04.2"
}
]
}Ubuntu:18.04:LTS
firefox
Package
- Name
- firefox
- Purl
- pkg:deb/ubuntu/firefox@79.0+build1-0ubuntu0.18.04.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed79.0+build1-0ubuntu0.18.04.1
Affected versions
56.*
56.0+build6-0ubuntu1
57.*
57.0.1+build2-0ubuntu1
59.*
59.0.1+build1-0ubuntu1
59.0.2+build1-0ubuntu1
60.*
60.0+build2-0ubuntu1
60.0.1+build2-0ubuntu0.18.04.1
60.0.2+build1-0ubuntu0.18.04.1
61.*
61.0+build3-0ubuntu0.18.04.1
61.0.1+build1-0ubuntu0.18.04.1
62.*
62.0+build2-0ubuntu0.18.04.3
62.0+build2-0ubuntu0.18.04.4
62.0+build2-0ubuntu0.18.04.5
62.0.3+build1-0ubuntu0.18.04.1
63.*
63.0+build2-0ubuntu0.18.04.2
63.0.3+build1-0ubuntu0.18.04.1
64.*
64.0+build3-0ubuntu0.18.04.1
65.*
65.0+build2-0ubuntu0.18.04.1
65.0.1+build2-0ubuntu0.18.04.1
66.*
66.0+build3-0ubuntu0.18.04.1
66.0.1+build1-0ubuntu0.18.04.1
66.0.2+build1-0ubuntu0.18.04.1
66.0.3+build1-0ubuntu0.18.04.1
66.0.4+build3-0ubuntu0.18.04.1
66.0.5+build1-0ubuntu0.18.04.1
67.*
67.0+build2-0ubuntu0.18.04.1
67.0.1+build1-0ubuntu0.18.04.1
67.0.2+build2-0ubuntu0.18.04.1
67.0.3+build1-0ubuntu0.18.04.1
67.0.4+build1-0ubuntu0.18.04.1
68.*
68.0+build3-0ubuntu0.18.04.1
68.0.1+build1-0ubuntu0.18.04.1
68.0.2+build1-0ubuntu0.18.04.1
69.*
69.0+build2-0ubuntu0.18.04.1
69.0.1+build1-0ubuntu0.18.04.1
69.0.2+build1-0ubuntu0.18.04.1
70.*
70.0+build2-0ubuntu0.18.04.1
70.0.1+build1-0ubuntu0.18.04.1
71.*
71.0+build5-0ubuntu0.18.04.1
72.*
72.0.1+build1-0ubuntu0.18.04.1
72.0.2+build1-0ubuntu0.18.04.1
73.*
73.0+build3-0ubuntu0.18.04.1
73.0.1+build1-0ubuntu0.18.04.1
74.*
74.0+build3-0ubuntu0.18.04.1
74.0.1+build1-0ubuntu0.18.04.1
75.*
75.0+build3-0ubuntu0.18.04.1
76.*
76.0+build2-0ubuntu0.18.04.1
76.0.1+build1-0ubuntu0.18.04.1
77.*
77.0.1+build1-0ubuntu0.18.04.1
78.*
78.0.1+build1-0ubuntu0.18.04.1
78.0.2+build2-0ubuntu0.18.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "79.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-dev",
"binary_version": "79.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "79.0+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "79.0+build1-0ubuntu0.18.04.1"
}
]
}thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/ubuntu/thunderbird@1:78.8.1+build1-0ubuntu0.18.04.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:78.8.1+build1-0ubuntu0.18.04.1
Affected versions
1:52.*
1:52.4.0+build1-0ubuntu2
1:52.6.0+build1-0ubuntu1
1:52.7.0+build1-0ubuntu1
1:52.8.0+build1-0ubuntu0.18.04.1
1:52.9.1+build3-0ubuntu0.18.04.1
1:60.*
1:60.2.1+build1-0ubuntu0.18.04.2
1:60.4.0+build2-0ubuntu0.18.04.1
1:60.5.1+build2-0ubuntu0.18.04.1
1:60.6.1+build2-0ubuntu0.18.04.1
1:60.7.0+build1-0ubuntu0.18.04.1
1:60.7.1+build1-0ubuntu0.18.04.1
1:60.7.2+build2-0ubuntu0.18.04.1
1:60.8.0+build1-0ubuntu0.18.04.1
1:60.9.0+build1-0ubuntu0.18.04.1
1:68.*
1:68.2.1+build1-0ubuntu0.18.04.1
1:68.2.2+build1-0ubuntu0.18.04.1
1:68.4.1+build1-0ubuntu0.18.04.1
1:68.7.0+build1-0ubuntu0.18.04.1
1:68.8.0+build2-0ubuntu0.18.04.2
1:68.10.0+build1-0ubuntu0.18.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-dev",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.8.1+build1-0ubuntu0.18.04.1"
}
]
}mozjs52
Package
- Name
- mozjs52
- Purl
- pkg:deb/ubuntu/mozjs52@52.9.1-0ubuntu0.18.04.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
52.*
52.3.1-0ubuntu3
52.3.1-7fakesync1
52.8.1-0ubuntu0.18.04.1
52.9.1-0ubuntu0.18.04.1
mozjs38
Package
- Name
- mozjs38
- Purl
- pkg:deb/ubuntu/mozjs38@38.8.0~repack1-0ubuntu4?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:20.04:LTS
firefox
Package
- Name
- firefox
- Purl
- pkg:deb/ubuntu/firefox@79.0+build1-0ubuntu0.20.04.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed79.0+build1-0ubuntu0.20.04.1
Affected versions
69.*
69.0.3+build1-0ubuntu1
70.*
70.0+build2-0ubuntu1
70.0+build2-0ubuntu2
70.0.1+build1-0ubuntu2
71.*
71.0+build2-0ubuntu2
71.0+build5-0ubuntu1
72.*
72.0.1+build1-0ubuntu1
72.0.2+build1-0ubuntu1
73.*
73.0+build1-0ubuntu1
73.0+build2-0ubuntu1
73.0+build3-0ubuntu1
73.0.1+build1-0ubuntu1
74.*
74.0+build1-0ubuntu1
74.0+build2-0ubuntu1
74.0+build2-0ubuntu2
74.0+build3-0ubuntu1
75.*
75.0+build3-0ubuntu1
76.*
76.0+build2-0ubuntu0.20.04.1
76.0.1+build1-0ubuntu0.20.04.1
77.*
77.0.1+build1-0ubuntu0.20.04.1
78.*
78.0.1+build1-0ubuntu0.20.04.1
78.0.2+build2-0ubuntu0.20.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "firefox",
"binary_version": "79.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-dev",
"binary_version": "79.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-geckodriver",
"binary_version": "79.0+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "firefox-mozsymbols",
"binary_version": "79.0+build1-0ubuntu0.20.04.1"
}
]
}thunderbird
Package
- Name
- thunderbird
- Purl
- pkg:deb/ubuntu/thunderbird@1:78.7.1+build1-0ubuntu0.20.04.1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:78.7.1+build1-0ubuntu0.20.04.1
Affected versions
1:68.*
1:68.1.2+build1-0ubuntu1
1:68.1.2+build1-0ubuntu2
1:68.2.1+build1-0ubuntu1
1:68.2.2+build1-0ubuntu1
1:68.3.0+build2-0ubuntu1
1:68.3.1+build1-0ubuntu2
1:68.4.1+build1-0ubuntu1
1:68.4.2+build2-0ubuntu1
1:68.5.0+build1-0ubuntu1
1:68.6.0+build2-0ubuntu1
1:68.7.0+build1-0ubuntu1
1:68.7.0+build1-0ubuntu2
1:68.8.0+build2-0ubuntu0.20.04.2
1:68.10.0+build1-0ubuntu0.20.04.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "thunderbird",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-dev",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-gnome-support",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "thunderbird-mozsymbols",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-calendar-timezones",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-gdata-provider",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
},
{
"binary_name": "xul-ext-lightning",
"binary_version": "1:78.7.1+build1-0ubuntu0.20.04.1"
}
]
}mozjs68
Package
- Name
- mozjs68
- Purl
- pkg:deb/ubuntu/mozjs68@68.6.0-1ubuntu1?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
mozjs52
Package
- Name
- mozjs52
- Purl
- pkg:deb/ubuntu/mozjs52@52.9.1-1ubuntu3?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected