Note:
This project will be discontinued after December 13, 2021. [more]
2020-04-24
Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwords would have been identical, rather than independent. This vulnerability affects Firefox < 75.
Products | Firefox |
Type | Session Fixation (CWE-384) |
First patch | - None (likely due to unavailable code) |
Links |
• https://bugzilla.mozilla.org/show_bug.cgi?id=1621853
• https://www.mozilla.org/security/advisories/mfsa2020-12/ |