CVE-2020-6824

LOW Year: 2020
CVSS v3 Score
2.8
Low
CVSS v2 Score
1.9
Low
Weakness Type
CWE-384
View all →

Vulnerability Description

Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwords would have been identical, rather than independent. This vulnerability affects Firefox < 75.

Related Vulnerabilities

CVE-2018-16463

LOW
CVSS:3.1(Low)

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.

CWE-3842018

CVE-2025-1412

LOW
CVSS:3.1(Low)

Mattermost versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1 fail to invalidate all active sessions when converting a user to a bot, with allows the converted user to escalate their privileges depending on ...

CWE-3842025

CVE-2016-9703

LOW
CVSS:2.4(Low)

IBM Security Identity Manager Virtual Appliance does not invalidate session tokens which could allow an unauthorized user with physical access to the work station to obtain sensitive information.

CWE-3842016

CVE-2017-1270

LOW
CVSS:3.3(Low)

IBM Security Guardium 10.0 does not renew a session variable after a successful authentication which could lead to session fixation/hijacking vulnerability. This could force a user to utilize a cookie...

CWE-3842017

CVE-2018-11567

LOW
CVSS:3.3(Low)

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds,...

CWE-3842018

CVE-2018-1962

LOW
CVSS:3.3(Low)

IBM Security Identity Manager 7.0.1 Virtual Appliance does not invalidate session tokens when the logout button is pressed. The lack of proper session termination may allow attackers with local access...

CWE-3842018