Lucene search

Alpine Linux Development TeamALPINE:CVE-2020-26965

HistoryDec 09, 2020 - 1:15 a.m.

CVE-2020-26965

2020-12-0901:15:13

Alpine Linux Development Team

security.alpinelinux.org

700

websites

show password

textbook field

vulnerability

firefox

thunderbird

software keyboard

keyboard layout change

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

High

EPSS

0.001

Percentile

48.0%

JSON

Some websites have a feature “Show Password” where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchfirefox-esr< 78.5.0-r0UNKNOWN
Alpineedge-communitynoarchfirefox< 83.0-r0UNKNOWN
Alpineedge-communitynoarchlibrewolf< 83.0-r0UNKNOWN
Alpineedge-communitynoarchthunderbird< 78.5.1-r0UNKNOWN
Alpine3.12-communitynoarchfirefox-esr< 78.5.0-r0UNKNOWN
Alpine3.12-communitynoarchfirefox< 83.0-r0UNKNOWN
Alpine3.13-communitynoarchfirefox-esr< 78.5.0-r0UNKNOWN
Alpine3.13-communitynoarchfirefox< 83.0-r0UNKNOWN
Alpine3.14-communitynoarchfirefox-esr< 78.5.0-r0UNKNOWN
Alpine3.14-communitynoarchfirefox< 83.0-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	firefox-esr	< 78.5.0-r0	UNKNOWN
Alpine	edge-community	noarch	firefox	< 83.0-r0	UNKNOWN
Alpine	edge-community	noarch	librewolf	< 83.0-r0	UNKNOWN
Alpine	edge-community	noarch	thunderbird	< 78.5.1-r0	UNKNOWN
Alpine	3.12-community	noarch	firefox-esr	< 78.5.0-r0	UNKNOWN
Alpine	3.12-community	noarch	firefox	< 83.0-r0	UNKNOWN
Alpine	3.13-community	noarch	firefox-esr	< 78.5.0-r0	UNKNOWN
Alpine	3.13-community	noarch	firefox	< 83.0-r0	UNKNOWN
Alpine	3.14-community	noarch	firefox-esr	< 78.5.0-r0	UNKNOWN
Alpine	3.14-community	noarch	firefox	< 83.0-r0	UNKNOWN