PT-2020-16570 · Mozilla+1 · Firefox For Android+1
Muneaki Nishimura · Published 2020-11-21 · Updated 2024-12-12 · CVE-2020-26955
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Firefox for Android versions prior to 83
Description
The issue occurs when a user downloads a file in Firefox for Android and a cookie is set. In such cases, the cookie is re-sent during subsequent file download operations on the same domain, regardless of whether the original and subsequent requests were made in private or non-private browsing modes. This issue affects only Firefox for Android; other operating systems are unaffected.
Recommendations
For Firefox for Android versions prior to 83, update to version 83 or later to resolve the issue. As a temporary workaround, consider restricting the use of cookies for file download operations or clearing cookies after each download to minimize the risk of exploitation.
Affected Products
Alt Linux
Firefox For Android