Initially, a user opens a Private Browsing Window and generates a password for a site, then closes the Private Browsing Window but leaves Firefox open. Subsequently, if the user had opened a new Private Browsing Window, revisited the same site, and generated a new password - the generated passwords would have been identical, rather than independent. This vulnerability affects Firefox < 75.
Inicialmente, un usuario abre una Ventana de Navegación Privada y genera una contraseña para un sitio, luego cierra la Ventana de Navegación Privada pero deja abierto Firefox. Posteriormente, si el usuario hubiera abierto una nueva Ventana de Navegación Privada, visitado el mismo sitio y generada una nueva contraseña, las contraseñas generadas habrían sido idénticas, en lugar de ser independientes. Esta vulnerabilidad afecta a Firefox versiones anteriores a 75.
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that extensions could obtain auth codes from OAuth login flows in some circumstances. If a user were tricked in to installing a specially crafted extension, an attacker could potentially exploit this to obtain access to the user's account. Various other issues were also addressed.
