CVEs-PoC/2020/CVE-2020-15652.md

### [CVE-2020-15652](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15652)
![](https://img.shields.io/static/v1?label=Product&message=Firefox%20ESR&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Firefox&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Thunderbird&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2068.11%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2079%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Potential%20leak%20of%20redirect%20targets%20when%20loading%20scripts%20in%20a%20worker&color=brighgreen)

### Description

By observing the stack trace for JavaScript errors in web workers, it was possible to leak the result of a cross-origin redirect. This applied only to content that can be parsed as script. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Live-Hack-CVE/CVE-2020-15652