Vulnerability CVE-2020-26965: Information

Description

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-26965
Published: Dec. 9, 2020
Modified: Dec. 10, 2020
Error type identifier: CWE-212

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
firefoxsisyphus83.0-alt1127.0-alt1ALT-PU-2020-3384-1261953Fixed
firefoxp1083.0-alt1118.0.2-alt0.p10.1ALT-PU-2020-3384-1261953Fixed
firefoxp993.0-alt0.p9.1105.0.1-alt0.c9.1ALT-PU-2022-1782-1288073Fixed
firefoxc10f183.0-alt1112.0.2-alt0.p10.1ALT-PU-2020-3384-1261953Fixed
firefoxc9f293.0-alt0.p9.1105.0.1-alt0.c9.1ALT-PU-2021-3368-1288792Fixed
firefoxp1183.0-alt1126.0.1-alt1ALT-PU-2020-3384-1261953Fixed
firefox-esrsisyphus78.5.0-alt1115.11.0-alt1ALT-PU-2020-3340-1261946Fixed
firefox-esrp1091.1.0-alt1115.11.0-alt1ALT-PU-2021-2881-1284980Fixed
firefox-esrp978.5.0-alt0.1.p9102.11.0-alt0.c9.1ALT-PU-2020-3379-1261955Fixed
firefox-esrc10f191.1.0-alt1115.9.1-alt0.c10.1ALT-PU-2021-2881-1284980Fixed
firefox-esrc9f291.3.0-alt1.c9.1102.12.0-alt0.c9.1ALT-PU-2021-3369-1288792Fixed
firefox-esrp1178.5.0-alt1115.11.0-alt1ALT-PU-2020-3340-1261946Fixed
thunderbirdsisyphus78.5.0-alt1115.9.0-alt1ALT-PU-2020-3386-1262148Fixed
thunderbirdp1078.5.0-alt1115.9.0-alt1ALT-PU-2020-3386-1262148Fixed
thunderbirdp978.5.0-alt0.1.p9102.11.0-alt0.c9.1ALT-PU-2020-3424-1262218Fixed
thunderbirdc10f178.5.0-alt1115.9.0-alt0.c10.1ALT-PU-2020-3386-1262148Fixed
thunderbirdc9f278.7.0-alt0.1.c9102.11.0-alt0.c9.1ALT-PU-2021-1369-1264611Fixed
thunderbirdp1178.5.0-alt1115.9.0-alt1ALT-PU-2020-3386-1262148Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.mozilla.org/security/advisories/mfsa2020-50/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-51/
  • Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-52/
  • Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1661617
  • Issue Tracking
  • Permissions Required
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
      End excliding
      83.0
      cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
      End excliding
      78.5
      cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
      End excliding
      78.5
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top