PT-2024-8879 · Mozilla+1 · Firefox+1

Multiple Reporters · Published 2024-11-26 · Updated 2025-11-19 · CVE-2024-11703

CVSS v3.1: 5.7 (Medium)
Vector: AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 133
Description: The issue is related to the bypass of device PIN authentication, potentially allowing unauthorized access to protected information. On Android devices, Firefox may have inadvertently allowed viewing saved passwords without requiring the device PIN authentication. This could enable a remote attacker to gain unauthorized access to sensitive information.
Recommendations: For versions prior to 133, update to a version that includes the fix for this issue to prevent unauthorized access to saved passwords. As a temporary workaround, consider disabling the password saving feature in Firefox until a patch is available. Restrict access to sensitive information stored in Firefox to minimize the risk of exploitation.

Fix

Weakness Enumeration

Authentication Bypass Using an Alternate Path or Channel
Insufficiently Protected Credentials
Incorrect Default Permissions

Related Identifiers

ALT-PU-2024-16375
ALT-PU-2025-11100
ALT-PU-2025-14599
ALT-PU-2025-2230
BDU:2024-10546
CVE-2024-11703
OPENSUSE-SU-2024:14583-1

Affected Products

Alt Linux
Firefox