Main Vulnerability Database Vulnerabilities #VU26652

#VU26652 Weak password requirements in Mozilla Firefox - CVE-2020-6824

Published: April 7, 2020

Vulnerability identifier: #VU26652

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-6824

CWE-ID: CWE-521

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Mozilla Firefox

Software vendor:
Mozilla

Description

The vulnerability allows a local user to gain access to another user password.

The vulnerability exists due to incorrect behavior of password generator when private browsing mode is user. If the victim had used password generator in a Private Browsing Window to generate a password and then closed the private window while leaving Firefox open, the attacker can open another private browsing session, visit the same website and Firefox will generate identical password.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/

#VU26652 Weak password requirements in Mozilla Firefox - CVE-2020-6824

Description

Remediation

External links

Please verify you're human