CVE-2018-12383

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.

References

http://www.securityfocus.com/bid/105276

http://www.securitytracker.com/id/1041610

http://www.securitytracker.com/id/1041701

https://access.redhat.com/errata/RHSA-2018:2834

https://access.redhat.com/errata/RHSA-2018:2835

https://access.redhat.com/errata/RHSA-2018:3403

https://access.redhat.com/errata/RHSA-2018:3458

https://bugzilla.mozilla.org/show_bug.cgi?id=1475775

https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html

https://security.gentoo.org/glsa/201810-01

https://security.gentoo.org/glsa/201811-13

https://usn.ubuntu.com/3761-1/

https://usn.ubuntu.com/3793-1/

https://www.debian.org/security/2018/dsa-4304

https://www.debian.org/security/2018/dsa-4327

https://www.mozilla.org/security/advisories/mfsa2018-20/

https://www.mozilla.org/security/advisories/mfsa2018-23/

https://www.mozilla.org/security/advisories/mfsa2018-25/

Details

Source: MITRE

Published: 2018-10-18

Updated: 2019-10-03

Type: CWE-522

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

View all (46 total)

IDNameProductFamilySeverity
127413NewStart CGSL MAIN 4.05 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0145)NessusNewStart CGSL Local Security Checks
critical
127404NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0141)NessusNewStart CGSL Local Security Checks
critical
127208NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2019-0037)NessusNewStart CGSL Local Security Checks
critical
127198NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0032)NessusNewStart CGSL Local Security Checks
critical
123311openSUSE Security Update : MozillaFirefox (openSUSE-2019-716)NessusSuSE Local Security Checks
high
123293openSUSE Security Update : MozillaThunderbird (openSUSE-2019-680)NessusSuSE Local Security Checks
critical
700407Mozilla Firefox < 62.0 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
121478Mozilla Thunderbird < 60.2.1NessusMacOS X Local Security Checks
critical
120146SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2018:3476-1)NessusSuSE Local Security Checks
critical
119748Mozilla Firefox < 62 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical
119451SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-2)NessusSuSE Local Security Checks
critical
119208Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20181105)NessusScientific Linux Local Security Checks
critical
119133GLSA-201811-13 : Mozilla Thunderbird: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
118890Debian DLA-1575-1 : thunderbird security updateNessusDebian Local Security Checks
critical
118837CentOS 6 : thunderbird (CESA-2018:3403)NessusCentOS Local Security Checks
critical
118813Oracle Linux 7 : thunderbird (ELSA-2018-3458)NessusOracle Linux Local Security Checks
critical
118761EulerOS 2.0 SP3 : firefox (EulerOS-SA-2018-1367)NessusHuawei Local Security Checks
critical
118744RHEL 7 : thunderbird (RHSA-2018:3458)NessusRed Hat Local Security Checks
critical
118742EulerOS 2.0 SP2 : firefox (EulerOS-SA-2018-1359)NessusHuawei Local Security Checks
critical
118590SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE, llvm4, mozilla-nspr, mozilla-nss, apache2-mod_nss (SUSE-SU-2018:3591-1)NessusSuSE Local Security Checks
critical
118585Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20181031)NessusScientific Linux Local Security Checks
critical
118552RHEL 6 : thunderbird (RHSA-2018:3403)NessusRed Hat Local Security Checks
critical
118473Debian DSA-4327-1 : thunderbird - security updateNessusDebian Local Security Checks
critical
118144Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Thunderbird vulnerabilities (USN-3793-1)NessusUbuntu Local Security Checks
critical
117987openSUSE Security Update : MozillaThunderbird (openSUSE-2018-1139)NessusSuSE Local Security Checks
critical
117939Mozilla Thunderbird < 60.2.1 Multiple VulnerabilitiesNessusWindows
critical
117938Mozilla Thunderbird < 60.2.1 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical
117894GLSA-201810-01 : Mozilla Firefox: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
117851Scientific Linux Security Update : firefox on SL7.x x86_64 (20180927)NessusScientific Linux Local Security Checks
high
117850Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20180927)NessusScientific Linux Local Security Checks
high
117834CentOS 7 : firefox (CESA-2018:2835)NessusCentOS Local Security Checks
high
117833CentOS 6 : firefox (CESA-2018:2834)NessusCentOS Local Security Checks
high
117818RHEL 7 : firefox (RHSA-2018:2835)NessusRed Hat Local Security Checks
high
117817RHEL 6 : firefox (RHSA-2018:2834)NessusRed Hat Local Security Checks
high
117815Oracle Linux 7 : firefox (ELSA-2018-2835)NessusOracle Linux Local Security Checks
high
117690openSUSE Security Update : MozillaFirefox (openSUSE-2018-1042)NessusSuSE Local Security Checks
high
117677Debian DSA-4304-1 : firefox-esr - security updateNessusDebian Local Security Checks
high
117670Mozilla Firefox ESR < 60.2.1 Multiple VulnerabilitiesNessusWindows
high
117669Mozilla Firefox ESR < 60.2.1 Multiple Vulnerabilities (macOS)NessusMacOS X Local Security Checks
high
117654Slackware 14.2 / current : mozilla-firefox (SSA:2018-265-01)NessusSlackware Local Security Checks
medium
117538Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : firefox regressions (USN-3761-3)NessusUbuntu Local Security Checks
critical
117496Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox regressions (USN-3761-2)NessusUbuntu Local Security Checks
critical
117357Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : firefox vulnerabilities (USN-3761-1)NessusUbuntu Local Security Checks
critical
117304FreeBSD : mozilla -- multiple vulnerabilities (c96d416a-eae7-4d5d-bc84-40deca9329fb)NessusFreeBSD Local Security Checks
critical
117294Mozilla Firefox < 62 Multiple Critical VulnerabilitiesNessusWindows
critical
117291Mozilla Firefox < 62 Multiple Critical Vulnerabilities (macOS)NessusMacOS X Local Security Checks
critical