Session Fixation

CVE-2020-6824

Low

1.9/10

Summary

Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwords would have been identical, rather than independent. This vulnerability affects Firefox < 75.

Access Complexity: MEDIUM
AccessVector: LOCAL
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-384 - Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References

Advisory Timeline

Published Apr 24, 2020

Session Fixation

CVE-2020-6824

Summary

CWE-384 - Session Fixation

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS