CVE-2020-15671Sensitive Information Exposure in Mozilla Firefox FOR Android

CWE-200Sensitive Information ExposureCWE-362Race ConditionCWE-20Improper Input Validation5 documents5 sources
Severity
3.1LOWNVD
EPSS
0.1%
top 65.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla Firefox FOR AndroidMozilla Firefox
Timeline
PublishedOct 1
Latest updateMay 24

Description

When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary. This vulnerability affects Firefox for Android < 80.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.6 | Impact: 1.4

Affected Packages2 packages

CVEListV5mozilla/firefox_for_androidunspecified80
NVDmozilla/firefox< 80.0

🔴Vulnerability Details

2
GHSA
GHSA-r6xw-ww9g-m6wg: When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, re2022-05-24
CVEList
CVE-2020-15671: When typing in a password under certain conditions, a race may have occured where the InputContext was not being correctly set for the input field, re2020-10-01

📋Vendor Advisories

2
Debian
CVE-2020-15671: firefox - When typing in a password under certain conditions, a race may have occured wher...2020
Mozilla
Mozilla Foundation Security Advisory 2020-39: CVE-2020-15671
CVE-2020-15671 — Sensitive Information Exposure | cvebase