CVE-2020-26965

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Some websites have a feature "Show Password" where clicking a button will change a password field into a textbook field, revealing the typed password. If, when using a software keyboard that remembers user input, a user typed their password and used that feature, the type of the password field was changed, resulting in a keyboard layout change and the possibility for the software keyboard to remember the typed password. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Algunos sitios web presentan una funcionalidad "Show Password" donde al hacer clic en un botón se cambiará un campo de contraseña en un campo textbook, divulgando la contraseña escrita.&#xa0;Si, al usar un teclado de software que recuerda la entrada del usuario, un usuario escribió su contraseña y usó esa funcionalidad, se cambió el tipo de campo de contraseña, resultando en un cambio de distribución del teclado y la posibilidad de que el teclado de software recuerde la contraseña escrita.&#xa0;Esta vulnerabilidad afecta a Firefox versiones anteriores a 83, Firefox ESR versiones anteriores a 78,5 y Thunderbird versiones anteriores a 78,5