Lucene search

Veracode Vulnerability DatabaseVERACODE:26951

HistorySep 21, 2020 - 6:27 a.m.

Information Leakage

2020-09-2106:27:23

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.008 Low

EPSS

Percentile

81.8%

JSON

firefox is vulnerable to information leakage. A vulnerability exists during the installation of add-ons where the initial fetch ignored the origin attributes of the browsing context. This could leak cookies in private browsing mode or across different “containers” for people who use the Firefox Multi-Account Containers Web Extension.

CPENameOperatorVersion
firefox:bioniceq59.0.2+build1
firefox:xenialeq45.0.2+build1
firefox:bioniceq59.0.2+build1
firefox:xenialeq45.0.2+build1

Name	Operator	Version
firefox:bionic	eq	59.0.2+build1
firefox:xenial	eq	45.0.2+build1
firefox:bionic	eq	59.0.2+build1
firefox:xenial	eq	45.0.2+build1

References

lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html

lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html

lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html

bugzilla.mozilla.org/show_bug.cgi?id=1528335

security.gentoo.org/glsa/201908-12

www.mozilla.org/security/advisories/mfsa2019-21/

0.008 Low

EPSS

Percentile

81.8%

JSON

Related for VERACODE:26951