Main Vulnerability Database SB20200407133

SB20200407133 - Weak password requirements in firefox (Alpine package)

Published: April 7, 2020

Security Bulletin ID SB20200407133

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Weak password requirements (CVE-ID: CVE-2020-6824)

The vulnerability allows a local user to gain access to another user password.

The vulnerability exists due to incorrect behavior of password generator when private browsing mode is user. If the victim had used password generator in a Private Browsing Window to generate a password and then closed the private window while leaving Firefox open, the attacker can open another private browsing session, visit the same website and Firefox will generate identical password.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=3f24b0ed71ac2a532796e4f065c755d1e92a6858