CVE-2020-26965 — Improper Removal of Sensitive Information Before Storage or Transfer in Mozilla Firefox
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 36.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 9
Latest updateMay 24
Description
Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages7 packages
🔴Vulnerability Details
3GHSA▶
GHSA-jmhj-34rw-524w: Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password↗2022-05-24
OSV▶
CVE-2020-26965: Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password↗2020-12-09
CVEList▶
CVE-2020-26965: Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password↗2020-12-09
📋Vendor Advisories
8Debian▶
CVE-2020-26965: firefox - Some websites have a feature "Show Password" where clicking a button will change...↗2020