CVE-2019-11733

CRITICAL
Description

When a master password is set, it must be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard through the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2.

References

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html

https://bugzilla.mozilla.org/show_bug.cgi?id=1565780

https://www.mozilla.org/security/advisories/mfsa2019-24/

Details

Source: MITRE

Published: 2019-09-27

Updated: 2020-08-24

Type: CWE-287

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 9.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical |
| 145625 | CentOS 8 : firefox (CESA-2019:2663) | Nessus | CentOS Local Security Checks | high |
| 134411 | NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0017) | Nessus | NewStart CGSL Local Security Checks | critical |
| 132503 | NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0233) | Nessus | NewStart CGSL Local Security Checks | high |
| 129926 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2019-0192) | Nessus | NewStart CGSL Local Security Checks | high |
| 129772 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2019:2620-1) | Nessus | SuSE Local Security Checks | high |
| 129665 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-2260) | Nessus | SuSE Local Security Checks | high |
| 129664 | openSUSE Security Update : MozillaFirefox (openSUSE-2019-2251) | Nessus | SuSE Local Security Checks | high |
| 129583 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2019:2545-1) | Nessus | SuSE Local Security Checks | high |
| 129023 | CentOS 7 : firefox (CESA-2019:2729) | Nessus | CentOS Local Security Checks | high |
| 128976 | CentOS 6 : firefox (CESA-2019:2694) | Nessus | CentOS Local Security Checks | high |
| 128861 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20190911) | Nessus | Scientific Linux Local Security Checks | high |
| 128853 | RHEL 7 : firefox (RHSA-2019:2729) | Nessus | Red Hat Local Security Checks | high |
| 128747 | Oracle Linux 7 : firefox (ELSA-2019-2729) | Nessus | Oracle Linux Local Security Checks | high |
| 128667 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20190910) | Nessus | Scientific Linux Local Security Checks | high |
| 128660 | RHEL 6 : firefox (RHSA-2019:2694) | Nessus | Red Hat Local Security Checks | high |
| 128656 | Oracle Linux 6 : firefox (ELSA-2019-2694) | Nessus | Oracle Linux Local Security Checks | high |
| 128599 | Oracle Linux 8 : firefox (ELSA-2019-2663) | Nessus | Oracle Linux Local Security Checks | high |
| 128517 | RHEL 8 : firefox (RHSA-2019:2663) | Nessus | Red Hat Local Security Checks | high |
| 128308 | FreeBSD : Mozilla -- Stored passwords in 'Saved Logins' can be copied without master password entry (0f31b4e9-c827-11e9-9626-589cfc01894a) | Nessus | FreeBSD Local Security Checks | critical |
| 128062 | Mozilla Firefox ESR < 68.0.2 | Nessus | Windows | critical |
| 128061 | Mozilla Firefox < 68.0.2 | Nessus | Windows | critical |
| 128060 | Mozilla Firefox ESR < 68.0.2 | Nessus | MacOS X Local Security Checks | critical |
| 128059 | Mozilla Firefox < 68.0.2 | Nessus | MacOS X Local Security Checks | critical |
| 128026 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Firefox vulnerability (USN-4101-1) | Nessus | Ubuntu Local Security Checks | critical |