Main Vulnerability Database Vulnerabilities #VU26652

Weak password requirements in Mozilla Firefox - CVE-2020-6824

Published: April 7, 2020

Vulnerability identifier: #VU26652

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-6824

CWE-ID: CWE-521

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a local user to gain access to another user password.

The vulnerability exists due to incorrect behavior of password generator when private browsing mode is user. If the victim had used password generator in a Private Browsing Window to generate a password and then closed the private window while leaving Firefox open, the attacker can open another private browsing session, visit the same website and Firefox will generate identical password.

How to mitigate CVE-2020-6824

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/

Weak password requirements in Mozilla Firefox - CVE-2020-6824

Detailed vulnerability description

How to mitigate CVE-2020-6824

Sources

Please verify you're human