CVE-2020-26965

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1661617

https://www.mozilla.org/security/advisories/mfsa2020-50/

https://www.mozilla.org/security/advisories/mfsa2020-51/

https://www.mozilla.org/security/advisories/mfsa2020-52/

Details

Source: MITRE

Published: 2020-12-09

Updated: 2020-12-10

Type: CWE-212

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM

Tenable Plugins

View all (54 total)

IDNameProductFamilySeverity
150523SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14548-1)NessusSuSE Local Security Checks
high
149335NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0025)NessusNewStart CGSL Local Security Checks
high
147399NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2021-0018)NessusNewStart CGSL Local Security Checks
high
147352NewStart CGSL MAIN 6.02 : firefox Multiple Vulnerabilities (NS-SA-2021-0065)NessusNewStart CGSL Local Security Checks
high
147286NewStart CGSL MAIN 6.02 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0081)NessusNewStart CGSL Local Security Checks
high
146200Oracle Linux 6 : firefox (ELSA-2020-5257)NessusOracle Linux Local Security Checks
high
146197Oracle Linux 6 : thunderbird (ELSA-2020-5238)NessusOracle Linux Local Security Checks
high
145963CentOS 8 : firefox (CESA-2020:5237)NessusCentOS Local Security Checks
high
145368openSUSE Security Update : MozillaFirefox (openSUSE-2020-2315)NessusSuSE Local Security Checks
high
145070RHEL 8 : firefox (RHSA-2020:5314)NessusRed Hat Local Security Checks
high
144798Amazon Linux 2 : thunderbird (ALAS-2021-1586)NessusAmazon Linux Local Security Checks
high
144004CentOS 7 : firefox (CESA-2020:5239)NessusCentOS Local Security Checks
high
143910CentOS 7 : thunderbird (CESA-2020:5235)NessusCentOS Local Security Checks
high
143745SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3383-1)NessusSuSE Local Security Checks
high
143741SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:3548-1)NessusSuSE Local Security Checks
high
143723SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:3458-1)NessusSuSE Local Security Checks
high
143540openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2187)NessusSuSE Local Security Checks
high
143531GLSA-202012-04 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
143494GLSA-202012-03 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
143378Oracle Linux 7 : firefox (ELSA-2020-5239)NessusOracle Linux Local Security Checks
high
143377Oracle Linux 8 : firefox (ELSA-2020-5237)NessusOracle Linux Local Security Checks
high
143372Oracle Linux 8 : thunderbird (ELSA-2020-5236)NessusOracle Linux Local Security Checks
high
143371Scientific Linux Security Update : firefox on SL6.x i686/x86_64 (2020:5257)NessusScientific Linux Local Security Checks
high
143370RHEL 7 : firefox (RHSA-2020:5239)NessusRed Hat Local Security Checks
high
143369RHEL 7 : thunderbird (RHSA-2020:5235)NessusRed Hat Local Security Checks
high
143368Oracle Linux 7 : thunderbird (ELSA-2020-5235)NessusOracle Linux Local Security Checks
high
143366RHEL 6 : firefox (RHSA-2020:5257)NessusRed Hat Local Security Checks
high
143365RHEL 8 : firefox (RHSA-2020:5237)NessusRed Hat Local Security Checks
high
143361Scientific Linux Security Update : thunderbird on SL6.x i686/x86_64 (2020:5238)NessusScientific Linux Local Security Checks
high
143360Scientific Linux Security Update : firefox on SL7.x x86_64 (2020:5239)NessusScientific Linux Local Security Checks
high
143359Scientific Linux Security Update : thunderbird on SL7.x i686/x86_64 (2020:5235)NessusScientific Linux Local Security Checks
high
143357openSUSE Security Update : MozillaThunderbird (openSUSE-2020-2096)NessusSuSE Local Security Checks
high
143352openSUSE Security Update : MozillaFirefox (openSUSE-2020-2020)NessusSuSE Local Security Checks
high
143340openSUSE Security Update : MozillaFirefox (openSUSE-2020-2031)NessusSuSE Local Security Checks
high
143281RHEL 8 : thunderbird (RHSA-2020:5232)NessusRed Hat Local Security Checks
high
143280RHEL 8 : firefox (RHSA-2020:5233)NessusRed Hat Local Security Checks
high
143279RHEL 8 : thunderbird (RHSA-2020:5231)NessusRed Hat Local Security Checks
high
143278RHEL 6 : thunderbird (RHSA-2020:5238)NessusRed Hat Local Security Checks
high
143277RHEL 8 : thunderbird (RHSA-2020:5240)NessusRed Hat Local Security Checks
high
143276RHEL 8 : thunderbird (RHSA-2020:5236)NessusRed Hat Local Security Checks
high
143275RHEL 8 : firefox (RHSA-2020:5234)NessusRed Hat Local Security Checks
high
143267Ubuntu 20.10 : Thunderbird vulnerabilities (USN-4647-1)NessusUbuntu Local Security Checks
high
143224Debian DLA-2464-1 : thunderbird security updateNessusDebian Local Security Checks
high
143191Debian DSA-4796-1 : thunderbird - security updateNessusDebian Local Security Checks
high
143133Debian DLA-2457-1 : firefox-esr security updateNessusDebian Local Security Checks
high
143130Debian DSA-4793-1 : firefox-esr - security updateNessusDebian Local Security Checks
high
143127Ubuntu 16.04 LTS : Firefox vulnerabilities (USN-4637-2)NessusUbuntu Local Security Checks
high
143121Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : Firefox vulnerabilities (USN-4637-1)NessusUbuntu Local Security Checks
high
143059Mozilla Thunderbird < 78.5NessusMacOS X Local Security Checks
high
143058Mozilla Thunderbird < 78.5NessusWindows
high
142913Mozilla Firefox ESR < 78.5NessusWindows
high
142912Mozilla Firefox ESR < 78.5NessusMacOS X Local Security Checks
high
142911Mozilla Firefox < 83.0NessusMacOS X Local Security Checks
high
142910Mozilla Firefox < 83.0NessusWindows
high