CVE-2020-26955

Summary

When a user downloaded a file in Firefox for Android, if a cookie is set, it would have been re-sent during a subsequent file download operation on the same domain, regardless of whether the original and subsequent request were in private and non-private browsing modes. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox < 83.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox< 83affected

Weaknesses

  • Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android

ADP Enrichment

CVE Program Container

Additional References

References