PT-2019-12486 · Mozilla+5 · Firefox+5

Published

2019-08-14

·

Updated

2024-12-12

·

CVE-2019-11733

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 68.0.2 Firefox ESR versions prior to 68.0.2
Description A security issue was found where locally stored passwords can be copied to the clipboard through the 'copy password' context menu item without re-entering the master password, if the master password had been previously entered in the same session. This could potentially allow for theft of stored passwords.
Recommendations For Firefox versions prior to 68.0.2, update to version 68.0.2 or later to resolve the issue. For Firefox ESR versions prior to 68.0.2, update to version 68.0.2 or later to resolve the issue.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

ALT-PU-2019-2484
ALT-PU-2019-2486
ALT-PU-2019-2686
ALT-PU-2020-1617
CESA-2019_2663
CESA-2019_2694
CESA-2019_2729
CVE-2019-11733
MGASA-2019-0268
OPENSUSE-SU-2019:2251-1
OPENSUSE-SU-2019:2260-1
OPENSUSE-SU-2019_2251-1
OPENSUSE-SU-2019_2260-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:2663
RHSA-2019:2694
RHSA-2019:2729
RHSA-2019_2663
RHSA-2019_2694
RHSA-2019_2729
SUSE-SU-2019:14246-1
SUSE-SU-2019:2545-1
SUSE-SU-2019:2620-1
SUSE-SU-2019_14246-1
USN-4101-1

Affected Products

Alt Linux
Centos
Firefox
Red Hat
Suse
Ubuntu