PT-2022-5673 · Mozilla+4 · Firefox+4

Sergey Galich

Published

2022-10-18

Updated

2024-12-12

CVE-2022-42931

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 106

Description The issue is related to the Form Manager component of Firefox, which stores usernames in an unencrypted file on disk, instead of using the Password Manager component that utilizes encryption. This could allow a remote attacker to disclose protected information. The username is the specific variable affected by this issue.

Recommendations For versions prior to 106, update to version 106 or later to resolve the issue. As a temporary workaround, consider restricting access to the Form Manager component until a patch is available. Avoid using the Form Manager for saving logins until the issue is resolved.

Exploit

Fix

Cleartext Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-312

Related Identifiers

ALT-PU-2022-2886

ALT-PU-2022-3047

ALT-PU-2023-5754

ALT-PU-2023-6436

ALT-PU-2024-3614

BDU:2022-07068

CVE-2022-42931

OPENSUSE-SU-2024:12429-1

OPENSUSE-SU-2024:14572-1

USN-5709-1

USN-5709-2

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2022-5673 · Mozilla+4 · Firefox+4

CVE-2022-42931

Weakness Enumeration

Related Identifiers

Affected Products

References · 1895