Description

Top Password Firefox Password Recovery 2.8 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting 5000 characters into the User Name or Registration Code input fields.

PUBLISHED | Reserved 2026-02-10 | Published 2026-02-11 | Updated 2026-02-12 | Assigner VulnCheck




MEDIUM: 4.6 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N)
HIGH: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Problem types

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

2.8: affected

Credits

Antonio de la Piedra (finder)

References

www.exploit-db.com/exploits/47912 (ExploitDB-47912) [exploit]

www.top-password.com/ (Vendor Homepage) [product]

www.vulncheck.com/...fox-password-recovery-denial-of-service (VulnCheck Advisory: Top Password Firefox Password Recovery 2.8 - Denial of Service) [third-party-advisory]

cve.org (CVE-2020-37190)

nvd.nist.gov (CVE-2020-37190)
