CVE-2020-26965

MEDIUM Year: 2020
CVSS v3 Score
6.5
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-212
View all →

Vulnerability Description

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Related Vulnerabilities

CVE-2020-14301

MEDIUM
CVSS:6.5(Medium)

An information disclosure vulnerability was found in libvirt in versions before 6.3.0. HTTP cookies used to access network-based disks were saved in the XML dump of the guest domain. This flaw allows ...

CWE-2122020

CVE-2021-26341

MEDIUM
CVSS:6.5(Medium)

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.

CWE-2122021

CVE-2022-25187

MEDIUM
CVSS:6.5(Medium)

Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle.

CWE-2122022

CVE-2022-29900

MEDIUM
CVSS:6.5(Medium)

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

CWE-2122022

CVE-2024-31493

MEDIUM
CVSS:6.5(Medium)

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated ...

CWE-2122024

CVE-2024-56353

MEDIUM
CVSS:6.5(Medium)

In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies

CWE-2122024