{"api_version":"1","generated_at":"2026-04-23T04:10:01+00:00","cve":"CVE-2020-15665","urls":{"html":"https://cve.report/CVE-2020-15665","api":"https://cve.report/api/cve/CVE-2020-15665.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-15665","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-15665"},"summary":{"title":"CVE-2020-15665","description":"Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2020-10-01 19:15:00","updated_at":"2020-10-13 17:00:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2020-36/","name":"https://www.mozilla.org/security/advisories/mfsa2020-36/","refsource":"MISC","tags":["Release Notes","Vendor Advisory"],"title":"Security Vulnerabilities fixed in Firefox 80 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1651636","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1651636","refsource":"MISC","tags":["Exploit","Issue Tracking","Vendor Advisory"],"title":"1651636 - (CVE-2020-15665) Clicking \"stay on page\" (ie cancelling) in beforeunload dialogs should cause us to reset the URL bar","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-15665","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15665","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"15665","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"15665","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-15665","qid":"500953","title":"Alpine Linux Security Update for firefox"},{"cve":"CVE-2020-15665","qid":"503838","title":"Alpine Linux Security Update for firefox"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-15665","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox","version":{"version_data":[{"version_value":"80","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Address bar not reset when choosing to stay on a page after the beforeunload dialog is shown"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2020-36/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2020-36/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1651636","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1651636"}]},"description":{"description_data":[{"lang":"eng","value":"Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80."}]}},"nvd":{"publishedDate":"2020-10-01 19:15:00","lastModifiedDate":"2020-10-13 17:00:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"80.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"15665","Ordinal":"177063","Title":"CVE-2020-15665","CVE":"CVE-2020-15665","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"15665","Ordinal":"1","NoteData":"Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"15665","Ordinal":"2","NoteData":"2020-10-01","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"15665","Ordinal":"3","NoteData":"2020-10-01","Type":"Other","Title":"Modified"}]}}}