CVE-2020-26955 : What You Need to Know
Learn about CVE-2020-26955, a Firefox for Android vulnerability allowing cookie sharing between private and non-private browsing modes. Find out the impact, affected versions, and mitigation steps.
Firefox for Android vulnerability allowing cookie sharing between browsing modes.
Understanding CVE-2020-26955
What is CVE-2020-26955?
- Vulnerability in Firefox for Android allowing cookies to be shared between private and non-private browsing modes.
- Limited to Firefox for Android, affecting versions below 83.
The Impact of CVE-2020-26955
- Risk of unauthorized cookie access and potential privacy breaches on Firefox for Android.
Technical Details of CVE-2020-26955
Vulnerability Description
- Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android.
Affected Systems and Versions
- Product: Firefox
- Vendor: Mozilla
- Versions Affected: < 83
Exploitation Mechanism
- Cookie re-sent during subsequent file downloads on the same domain, regardless of browsing mode.
Mitigation and Prevention
Immediate Steps to Take
- Update Firefox for Android to version 83 or higher.
- Clear cookies and browsing data regularly.
Long-Term Security Practices
- Use separate profiles for private and non-private browsing.
- Be cautious when downloading files with sensitive information.
- Regularly review and adjust browser privacy settings.
Patching and Updates
- Mozilla has released fixes in Firefox version 83 to address this vulnerability.