CVE-2019-11733
Last modified
CVE-2019-11733 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. EPSS estimates a 1.41% chance of exploitation in the next 30 days.
Description
When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mozilla | Firefox | < 68.0.2 |
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1565780Issue Tracking, Permissions Required, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-24/Vendor Advisory
- https://bugzilla.mozilla.org/show_bug.cgi?id=1565780Issue Tracking, Permissions Required, Vendor Advisory
- https://www.mozilla.org/security/advisories/mfsa2019-24/Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-11733?
How severe is CVE-2019-11733?
How do I fix CVE-2019-11733?
Are you affected by CVE-2019-11733?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST