CVE-2020-15679
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-15679
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An OAuth session fixation vulnerability existed in the VPN login flow, where an attacker could craft a custom login URL, convince a VPN user to login via that URL, and obtain authenticated access as that user. This issue is limited to cases where attacker and victim are sharing the same source IP and could allow the ability to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 < (929), Mozilla VPN Windows < 1.2.2, and Mozilla VPN Android 1.1.0 < (1360).
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mozilla VPN 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mozilla VPN是美国Mozilla基金会的开源虚拟专用网络Web浏览器扩展,桌面应用程序和移动应用程序。 Mozilla VPN iOS 1.0.7(929)之前版本、Mozilla VPN Windows 1.2.2之前版本和Mozilla VPN Android 1.1.0(1360)之前版本存在安全漏洞,该漏洞源于登录流程中存在OAuth会话固定漏洞,攻击者可以在其中制作自定义登录URL,诱使VPN用户通过该URL登录,并以该用户身份获得经过身份验证的访问权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Mozilla | Mozilla VPN iOS 1.0.7 | unspecified ~ (929) | - | |
| Mozilla | Mozilla VPN Windows | unspecified ~ 1.2.2 | - | |
| Mozilla | Mozilla VPN Android 1.1.0 | unspecified ~ (1360) | - |
II. Public POCs for CVE-2020-15679
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-15679
请登录查看更多情报信息。
Same Patch Batch · Mozilla · 2022-12-22 · 175 CVEs total
| CVE-2022-36319 | Mozilla Firefox 安全漏洞 | |
| CVE-2022-34481 | Mozilla Firefox 输入验证错误漏洞 | |
| CVE-2022-34482 | Mozilla Firefox 安全漏洞 | |
| CVE-2022-34483 | Mozilla Firefox 安全漏洞 | |
| CVE-2022-34484 | Mozilla Firefox 资源管理错误漏洞 | |
| CVE-2022-34485 | Mozilla Firefox 缓冲区错误漏洞 | |
| CVE-2022-36314 | Mozilla Firefox 代码问题漏洞 | |
| CVE-2022-36315 | Mozilla Firefox 资源管理错误漏洞 | |
| CVE-2022-36316 | Mozilla Firefox 输入验证错误漏洞 | |
| CVE-2022-36317 | Mozilla Firefox 输入验证错误漏洞 | |
| CVE-2022-36318 | Mozilla Firefox 竞争条件问题漏洞 | |
| CVE-2022-38475 | Mozilla Firefox 安全漏洞 | |
| CVE-2022-40957 | Mozilla Firefox 安全漏洞 | |
| CVE-2022-40956 | Mozilla Firefox 跨站脚本漏洞 | |
| CVE-2022-38478 | Mozilla Firefox 缓冲区错误漏洞 | |
| CVE-2022-38477 | Mozilla Firefox 缓冲区错误漏洞 | |
| CVE-2022-38476 | Mozilla Firefox ESR 资源管理错误漏洞 | |
| CVE-2022-38473 | Mozilla Firefox 安全漏洞 | |
| CVE-2022-36320 | Mozilla Firefox 缓冲区错误漏洞 | |
| CVE-2022-38472 | Mozilla Firefox 访问控制错误漏洞 |
Showing top 20 of 175 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: Mozilla
- CVE-2026-8093
Memory safety bugs fixed in Thunderbird 150.0.2 - CVE-2026-8094
Other issue in the WebRTC component - CVE-2026-8092
Memory safety bugs fixed in Thunderbird ESR 140.10.2 and Thu - CVE-2026-8091
Incorrect boundary conditions in the Audio/Video: Playback c - CVE-2026-8090
Use-after-free in the DOM: Networking component
V. Comments for CVE-2020-15679
No comments yet