CVE-2020-6824
LOWFirefox < 75.0 - Session Fixation via Password Generation in Private Browsing Mode
Title source: llmDescription
Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwords would have been identical, rather than independent. This vulnerability affects Firefox < 75.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.mozilla.org/security/advisories/mfsa2020-12/
Issue Tracking, Permissions Required x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1621853
Scores
CVSS v3
2.8
EPSS
0.0027
EPSS Percentile
18.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-384
Status
published
Products (1)
mozilla/firefox
< 75.0
Published
Apr 24, 2020
Tracked Since
Feb 18, 2026