MFSA2020-48: OAuth session fixation vulnerability in Mozilla VPN
First published: Wed Nov 04 2020(Updated: )
OAuth session fixation vulnerability in Mozilla VPN
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla VPN | <1.1.0 | 1.1.0 |
| Mozilla VPN | <1.0.7 | 1.0.7 |
| Mozilla VPN | <1.2.2 | 1.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of MFSA2020-48?
MFSA2020-48 is classified as a high severity vulnerability affecting OAuth session management.
Which versions of Mozilla VPN are affected by MFSA2020-48?
MFSA2020-48 affects Mozilla VPN for Android versions below 1.1.0, iOS versions below 1.0.7, and Windows versions below 1.2.2.
How do I fix MFSA2020-48?
To fix MFSA2020-48, update your Mozilla VPN to Android version 1.1.0, iOS version 1.0.7, or Windows version 1.2.2 or later.
What type of vulnerability is MFSA2020-48?
MFSA2020-48 is an OAuth session fixation vulnerability that can lead to unauthorized access.
Can MFSA2020-48 affect user data?
Yes, MFSA2020-48 can potentially compromise user data by allowing attackers to hijack user sessions.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/title
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/mozilla-advisory
- source/Mozilla
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/mozilla
- canonical/mozilla vpn