Main Vulnerability Database Vulnerabilities #VU46260

#VU46260 Race condition in Firefox for Android - CVE-2020-15671

Published: September 3, 2020

Vulnerability identifier: #VU46260

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-15671

CWE-ID: CWE-362

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Firefox for Android

Software vendor:
Mozilla

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition when saving passwords. When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed passwod being saved to the keyboard dictionary.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2020-39/

#VU46260 Race condition in Firefox for Android - CVE-2020-15671

Description

Remediation

External links

Please verify you're human