PT-2020-19246 · Mozilla+2 · Firefox+2

Matthew Noorenberghe

Published

2020-04-07

Updated

2024-12-12

CVE-2020-6824

CVSS v3.1

2.8

Low

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 75

Description A issue exists where generated passwords in Private Browsing Windows may not be independent. If a user generates a password for a site in a Private Browsing Window, closes the window, and then generates a new password for the same site in a new Private Browsing Window, the generated passwords may be identical.

Recommendations For versions prior to 75, update to version 75 or later to resolve the issue.

Exploit

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

ALT-PU-2020-1760

ALT-PU-2020-2408

ALT-PU-2020-2933

ALT-PU-2020-3442

ALT-PU-2021-1368

ALT-PU-2021-3368

CVE-2020-6824

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-4323-1

Affected Products

Alt Linux

Firefox

Ubuntu

PT-2020-19246 · Mozilla+2 · Firefox+2

CVE-2020-6824

Weakness Enumeration

Related Identifiers

Affected Products

References · 1889