CVE-2019-11733

When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2.

Published: Sep 27, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-11733
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	68.0.2
mozilla / firefox_esr	-	68.0.2

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1565780
https://www.mozilla.org/security/advisories/mfsa2019-24/

Vulnerability Database

CVE-2019-11733