PT-2018-3013 · Mozilla+5 · Firefox Esr+7

Jurgen Gaeremyn

·

Publicado

2018-09-05

·

Atualizado

2024-12-12

·

CVE-2018-12383

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 62 Firefox ESR versions prior to 60.2.1 Thunderbird versions prior to 60.2.1
Description The issue is related to the storage of passwords in an unencrypted form. If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This could allow the exposure of stored password data outside of user expectations. The vulnerability may allow an attacker to gain unauthorized access to protected information.
Recommendations For Firefox versions prior to 62, update to version 62 or later to resolve the issue. For Firefox ESR versions prior to 60.2.1, update to version 60.2.1 or later to resolve the issue. For Thunderbird versions prior to 60.2.1, update to version 60.2.1 or later to resolve the issue.

Exploit

Correção

Insufficiently Protected Credentials

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-522CWE-256CWE-212

Identificadores relacionados

ALT-PU-2018-2388
ALT-PU-2018-2423
ALT-PU-2018-2669
ALT-PU-2019-2324
ALT-PU-2019-2486
BDU:2019-03412
CESA-2018_2834
CESA-2018_2835
CESA-2018_3403
CVE-2018-12383
DLA-1575-1
DSA-4304-1
DSA-4327-1
MGASA-2018-0480
OPENSUSE-SU-2018:3687-1
OPENSUSE-SU-2018_2817-1
OPENSUSE-SU-2018_3051-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2018:2834
RHSA-2018:2835
RHSA-2018:3403
RHSA-2018:3458
RHSA-2018_2834
RHSA-2018_2835
RHSA-2018_3403
RHSA-2018_3458
SUSE-SU-2018:3247-1
SUSE-SU-2018:3476-1
SUSE-SU-2018:3591-1
SUSE-SU-2018:3591-2
SUSE-SU-2018_3476-1
USN-3761-1
USN-3761-2
USN-3761-3
USN-3793-1

Produtos afetados

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu