CVE-2020-15671

LOW

Firefox for Android < 80.0 - Password Exposure via InputContext Race Condition

Title source: llm
STIX 2.1

Description

When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox for Android < 80.

References (2)

Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2020-39/
Issue Tracking, Permissions Required, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1653862

Scores

CVSS v3 3.1
EPSS 0.0049
EPSS Percentile 38.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE
CWE-200 CWE-362
Status published
Products (1)
mozilla/firefox < 80.0
Published Oct 01, 2020
Tracked Since Feb 18, 2026