VYPR
Unrated severity · NVD Advisory · Published Dec 22, 2022 · Updated Apr 16, 2025

CVE-2020-15679

Description

An OAuth session fixation vulnerability existed in the VPN login flow: an attacker could craft a custom login URL, convince a VPN user to log in via that URL, and obtain authenticated access as that user. This issue is limited to cases where the attacker and victim share the same source IP, and it could allow the attacker to view session states and disconnect VPN sessions. This vulnerability affects Mozilla VPN iOS 1.0.7 < (929), Mozilla VPN Windows < 1.2.2, and Mozilla VPN Android 1.1.0 < (1360).

Affected products

  • Mozilla/Mozilla VPN Android 1.1.0v5
    Range: unspecified
  • Mozilla/Mozilla VPN iOS 1.0.7v5
    Range: unspecified
  • Mozilla/Mozilla VPN Windowsv5
    Range: unspecified
