Rewterz Threat Alert – SideWinder APT Group
November 6, 2020
Rewterz Threat Alert – BEC Scam Harvesting Data for Financial Crime
November 6, 2020
Severity
High
Analysis Summary
CVE-2020-15679
Mozilla VPN for Windows, Android and iOS could allow a remote attacker to hijack a user’s session because of an OAuth session fixation vulnerability in the VPN login flow. By persuading a VPN user to log in using a specially crafted login URL, an attacker could exploit this vulnerability to view session states and disconnect VPN sessions.
Impact
Session hijacking
Affected Vendors
Mozilla
Affected Products
- Mozilla VPN Android 1.0.9
- Mozilla VPN iOS 1.0.6
- Mozilla VPN Windows 1.2.1
Remediation
Refer to Mozilla Foundation Security Advisory 2020-48 for patch, upgrade or suggested workaround information.
https://www.mozilla.org/en-US/security/advisories/mfsa2020-48/
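For teams reviewing their own OAuth clients for the same class of flaw, the following added example (not Mozilla's code and not taken from the advisory) shows a client that only completes login flows it started itself, by binding each flow to a single-use `state` value and a PKCE verifier. The class name `LoginFlow`, the `FLOW_TTL` value and the URLs are assumptions made for the illustration.

```python
import base64
import hashlib
import secrets
import time
from urllib.parse import urlencode

FLOW_TTL = 300  # seconds a pending login stays valid (assumed value)


class LoginFlow:
    """Client-side OAuth login that only accepts flows it started itself."""

    def __init__(self, authorize_url, client_id, redirect_uri):
        self.authorize_url = authorize_url
        self.client_id = client_id
        self.redirect_uri = redirect_uri
        self._pending = {}  # state -> (pkce_verifier, expiry)

    def begin(self, now=None):
        """Create a fresh state and PKCE verifier; never take them from a link."""
        now = time.time() if now is None else now
        state = secrets.token_urlsafe(32)
        verifier = secrets.token_urlsafe(64)
        digest = hashlib.sha256(verifier.encode()).digest()
        challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
        self._pending[state] = (verifier, now + FLOW_TTL)
        query = urlencode({
            "response_type": "code", "client_id": self.client_id,
            "redirect_uri": self.redirect_uri, "state": state,
            "code_challenge": challenge, "code_challenge_method": "S256",
        })
        return f"{self.authorize_url}?{query}"

    def finish(self, params, now=None):
        """Return (code, verifier) for the token request, or raise ValueError."""
        now = time.time() if now is None else now
        # pop() makes every state single use, so a replayed callback fails.
        entry = self._pending.pop(params.get("state", ""), None)
        if entry is None:
            raise ValueError("callback state was not issued by this client")
        verifier, expiry = entry
        if now > expiry:
            raise ValueError("login flow expired")
        if not params.get("code"):
            raise ValueError("callback carries no authorization code")
        return params["code"], verifier
```

The verifier returned by `finish` is sent with the token request, so an authorization code obtained through a flow the client did not start cannot be redeemed by it.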