SB2020112913 - Resource management error in firefox (Alpine package)
Published: November 29, 2020
Security Bulletin ID
SB2020112913
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management error (CVE-ID: CVE-2020-26955)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the way cookies are handled during file downloads. When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes.
Remediation
Install update from vendor's website.