VuXML ID | Description |
0592f49f-b3b8-4260-b648-d1718762656c | mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2019-9811: Sandbox escape via installation of malicious language pack
CVE-2019-11711: Script injection within domain through inner window reuse
CVE-2019-11712: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects
CVE-2019-11713: Use-after-free with HTTP/2 cached stream
CVE-2019-11714: NeckoChild can trigger crash when accessed off of main thread
CVE-2019-11729: Empty or malformed p256-ECDH public keys may trigger a segmentation fault
CVE-2019-11715: HTML parsing error can contribute to content XSS
CVE-2019-11716: globalThis not enumerable until accessed
CVE-2019-11717: Caret character improperly escaped in origins
CVE-2019-11718: Activity Stream writes unsanitized content to innerHTML
CVE-2019-11719: Out-of-bounds read when importing curve25519 private key
CVE-2019-11720: Character encoding XSS vulnerability
CVE-2019-11721: Domain spoofing through Unicode Latin 'kra' character
CVE-2019-11730: Same-origin policy treats all files in a directory as having the same-origin
CVE-2019-11723: Cookie leakage during add-on fetching across private browsing boundaries
CVE-2019-11724: Retired site input.mozilla.org has remote troubleshooting permissions
CVE-2019-11725: Websocket resources bypass safebrowsing protections
CVE-2019-11727: PKCS#1 v1.5 signatures can be used for TLS 1.3
CVE-2019-11728: Port scanning through Alt-Svc header
CVE-2019-11710: Memory safety bugs fixed in Firefox 68
CVE-2019-11709: Memory safety bugs fixed in Firefox 68 and Firefox ESR 60.8
Discovery 2019-07-09 Entry 2019-07-09 Modified 2019-07-23
firefox
< 68.0_4,1
waterfox
< 56.2.12
seamonkey
linux-seamonkey
< 2.53.0
firefox-esr
< 60.8.0,1
linux-firefox
< 60.8.0,2
libxul
thunderbird
linux-thunderbird
< 60.8.0
CVE-2019-11709
CVE-2019-11710
CVE-2019-11711
CVE-2019-11712
CVE-2019-11713
CVE-2019-11714
CVE-2019-11715
CVE-2019-11716
CVE-2019-11717
CVE-2019-11718
CVE-2019-11719
CVE-2019-11720
CVE-2019-11721
CVE-2019-11723
CVE-2019-11724
CVE-2019-11725
CVE-2019-11727
CVE-2019-11728
CVE-2019-11729
CVE-2019-11730
CVE-2019-9811
https://www.mozilla.org/security/advisories/mfsa2019-21/
https://www.mozilla.org/security/advisories/mfsa2019-22/
|
18211552-f650-4d86-ba4f-e6d5cbfcdbeb | mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2018-18356: Use-after-free in Skia
CVE-2019-5785: Integer overflow in Skia
CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
Discovery 2019-02-13 Entry 2019-02-13
firefox
< 65.0.1,1
firefox-esr
< 60.5.1,1
thunderbird
< 60.5.1
CVE-2018-18511
CVE-2018-18356
CVE-2019-5785
https://www.mozilla.org/en-US/security/advisories/mfsa2019-04/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-05/
|
c4f39920-781f-4aeb-b6af-17ed566c4272 | mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2018-12386: Type confusion in JavaScript
A vulnerability in register allocation in JavaScript can
lead to type confusion, allowing for an arbitrary read and
write. This leads to remote code execution inside the
sandboxed content process when triggered.
CVE-2018-12387:
A vulnerability where the JavaScript JIT compiler inlines
Array.prototype.push with multiple arguments that results
in the stack pointer being off by 8 bytes after a
bailout. This leaks a memory address to the calling
function which can be used as part of an exploit inside
the sandboxed content process.
Discovery 2018-10-02 Entry 2018-10-02 Modified 2019-07-23
firefox
< 62.0.3,1
waterfox
< 56.2.4
seamonkey
linux-seamonkey
< 2.53.0
firefox-esr
< 60.2.2,1
linux-firefox
< 60.2.2,2
libxul
thunderbird
linux-thunderbird
< 60.2.2
CVE-2018-12386
CVE-2018-12387
https://www.mozilla.org/en-US/security/advisories/mfsa2018-24/
|
05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6 | mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2019-11751: Malicious code execution through command line parameters
CVE-2019-11746: Use-after-free while manipulating video
CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
CVE-2019-11736: File manipulation and privilege escalation in Mozilla Maintenance Service
CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
CVE-2019-9812: Sandbox escape through Firefox Sync
CVE-2019-11741: Isolate addons.mozilla.org and accounts.firefox.com
CVE-2019-11743: Cross-origin access to unload event attributes
CVE-2019-11748: Persistence of WebRTC permissions in a third party context
CVE-2019-11749: Camera information available without prompting using getUserMedia
CVE-2019-5849: Out-of-bounds read in Skia
CVE-2019-11750: Type confusion in Spidermonkey
CVE-2019-11737: Content security policy directives ignore port and path if host is a wildcard
CVE-2019-11738: Content security policy bypass through hash-based sources in directives
CVE-2019-11747: 'Forget about this site' removes sites from pre-loaded HSTS list
CVE-2019-11734: Memory safety bugs fixed in Firefox 69
CVE-2019-11735: Memory safety bugs fixed in Firefox 69 and Firefox ESR 68.1
CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
Discovery 2019-09-03 Entry 2019-09-03
firefox
< 69.0,1
waterfox
< 56.2.14
seamonkey
linux-seamonkey
< 2.53.0
firefox-esr
ge 61.0,1 lt 68.1.0,1
< 60.9.0,1
linux-firefox
ge 61.0,2 lt 68.1.0,2
< 60.9.0,2
libxul
thunderbird
linux-thunderbird
ge 61.0 lt 68.1.0
< 60.9.0
CVE-2019-11734
CVE-2019-11735
CVE-2019-11736
CVE-2019-11737
CVE-2019-11738
CVE-2019-11740
CVE-2019-11741
CVE-2019-11742
CVE-2019-11743
CVE-2019-11744
CVE-2019-11746
CVE-2019-11747
CVE-2019-11748
CVE-2019-11749
CVE-2019-11750
CVE-2019-11751
CVE-2019-11752
CVE-2019-11753
CVE-2019-5849
CVE-2019-9812
https://www.mozilla.org/security/advisories/mfsa2019-25/
https://www.mozilla.org/security/advisories/mfsa2019-26/
https://www.mozilla.org/security/advisories/mfsa2019-27/
|
3284d948-140c-4a3e-aa76-3b440e2006a8 | firefox -- Crash in TransportSecurityInfo due to cached data
The Mozilla Foundation reports:
A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user profile directory. This issue is only exploitable in combination with another vulnerability allowing an attacker to write data into the local cache or from locally installed malware. This issue also triggers a non-exploitable startup crash for users switching between the Nightly and Release versions of Firefox if the same profile is used.
Discovery 2018-09-21 Entry 2018-09-21
firefox
< 62.0.2,1
firefox-esr
< 60.2.1,1
CVE-2018-12385
https://www.mozilla.org/security/advisories/mfsa2018-22/
|
0cea6e0a-7a39-4dac-b3ec-dbc13d404f76 | mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2019-11707: Type confusion in Array.pop
A type confusion vulnerability can occur when
manipulating JavaScript objects due to issues in
Array.pop. This can allow for an exploitable crash. We are
aware of targeted attacks in the wild abusing this flaw.
Discovery 2019-06-18 Entry 2019-06-19 Modified 2019-06-20
firefox
< 67.0.3,1
waterfox
< 56.2.11
firefox-esr
< 60.7.1,1
CVE-2019-11707
https://www.mozilla.org/security/advisories/mfsa2019-18/
|
e3e68fe8-d9cb-4ba8-b09c-9e3a28588eb7 | firefox -- Heap buffer overflow rasterizing paths in SVG with Skia
The Mozilla Foundation reports:
A heap buffer overflow can occur in the Skia library when
rasterizing paths using a maliciously crafted SVG file
with anti-aliasing turned off. This results in a
potentially exploitable crash.
Discovery 2018-06-06 Entry 2018-06-08
firefox
< 60.0.2,1
waterfox
< 56.2.0.13_5
firefox-esr
< 52.8.1,1
seamonkey
linux-seamonkey
< 2.49.4
https://www.mozilla.org/security/advisories/mfsa2018-14/
|
cd81806c-26e7-4d4a-8425-02724a2f48af | mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2018-12359: Buffer overflow using computed size of canvas element
CVE-2018-12360: Use-after-free when using focus()
CVE-2018-12361: Integer overflow in SwizzleData
CVE-2018-12358: Same-origin bypass using service worker and redirection
CVE-2018-12362: Integer overflow in SSSE3 scaler
CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
CVE-2018-12363: Use-after-free when appending DOM nodes
CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
CVE-2018-12365: Compromised IPC child process can list local filenames
CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
CVE-2018-12366: Invalid data handling during QCMS transformations
CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
CVE-2018-12368: No warning when opening executable SettingContent-ms files
CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments
CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View
CVE-2018-5186: Memory safety bugs fixed in Firefox 61
CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
Discovery 2018-06-26 Entry 2018-06-26 Modified 2018-07-07
firefox
< 61.0_1,1
waterfox
< 56.2.1.19_2
seamonkey
linux-seamonkey
< 2.49.4
firefox-esr
ge 60.0,1 lt 60.1.0_1,1
< 52.9.0_1,1
linux-firefox
< 52.9.0,2
libxul
thunderbird
linux-thunderbird
< 52.9.0
CVE-2018-12362
CVE-2018-5156
CVE-2018-5186
CVE-2018-5187
CVE-2018-5188
CVE-2018-12358
CVE-2018-12359
CVE-2018-12360
CVE-2018-12361
CVE-2018-12363
CVE-2018-12364
CVE-2018-12365
CVE-2018-12366
CVE-2018-12367
CVE-2018-12368
CVE-2018-12369
CVE-2018-12370
CVE-2018-12371
https://www.mozilla.org/en-US/security/advisories/mfsa2018-15/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-16/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-17/
|
b1f7d52f-fc42-48e8-8403-87d4c9d26229 | mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2018-18500: Use-after-free parsing HTML5 stream
CVE-2018-18503: Memory corruption with Audio Buffer
CVE-2018-18504: Memory corruption and out-of-bounds read of texture client buffer
CVE-2018-18505: Privilege escalation through IPC channel messages
CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied
CVE-2018-18502: Memory safety bugs fixed in Firefox 65
CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
Discovery 2019-01-29 Entry 2019-01-29 Modified 2019-07-23
firefox
< 65.0_1,1
waterfox
< 56.2.7
seamonkey
linux-seamonkey
< 2.53.0
firefox-esr
< 60.5.0_1,1
linux-firefox
< 60.5.0,2
libxul
thunderbird
linux-thunderbird
< 60.5.0
CVE-2018-18500
CVE-2018-18501
CVE-2018-18502
CVE-2018-18503
CVE-2018-18504
CVE-2018-18505
CVE-2018-18506
https://www.mozilla.org/en-US/security/advisories/mfsa2019-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2019-02/
|
39bc2294-ff32-4972-9ecb-b9f40b4ccb74 | Mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2019-11708: sandbox escape using Prompt:Open
Insufficient vetting of parameters passed with the
Prompt:Open IPC message between child and parent processes
can result in the non-sandboxed parent process opening web
content chosen by a compromised child process. When combined
with additional vulnerabilities this could result in executing
arbitrary code on the user's computer.
Discovery 2019-06-20 Entry 2019-06-21 Modified 2019-07-09
firefox
< 67.0.4,1
waterfox
< 56.2.12
firefox-esr
< 60.7.2,1
https://www.mozilla.org/en-US/security/advisories/mfsa2019-19/
CVE-2019-11708
|
05da6b56-3e66-4306-9ea3-89fafe939726 | mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2019-9790: Use-after-free when removing in-use DOM elements
CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled
CVE-2019-9794: Command line arguments not discarded during execution
CVE-2019-9795: Type-confusion in IonMonkey JIT compiler
CVE-2019-9796: Use-after-free with SMIL animation controller
CVE-2019-9797: Cross-origin theft of images with createImageBitmap
CVE-2019-9798: Library is loaded from world writable APITRACE_LIB location
CVE-2019-9799: Information disclosure via IPC channel messages
CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content
CVE-2019-9802: Chrome process information leak
CVE-2019-9803: Upgrade-Insecure-Requests incorrectly enforced for same-origin navigation
CVE-2019-9804: Code execution through 'Copy as cURL' in Firefox Developer Tools on macOS
CVE-2019-9805: Potential use of uninitialized memory in Prio
CVE-2019-9806: Denial of service through successive FTP authorization prompts
CVE-2019-9807: Text sent through FTP connection can be incorporated into alert messages
CVE-2019-9809: Denial of service through FTP modal alert error messages
CVE-2019-9808: WebRTC permissions can display incorrect origin with data: and blob: URLs
CVE-2019-9789: Memory safety bugs fixed in Firefox 66
CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6
Discovery 2019-03-19 Entry 2019-03-19 Modified 2019-07-23
firefox
< 66.0_3,1
waterfox
< 56.2.9
seamonkey
linux-seamonkey
< 2.53.0
firefox-esr
< 60.6.0,1
linux-firefox
< 60.6.0,2
libxul
thunderbird
linux-thunderbird
< 60.6.0
CVE-2019-9788
CVE-2019-9789
CVE-2019-9790
CVE-2019-9791
CVE-2019-9792
CVE-2019-9793
CVE-2019-9794
CVE-2019-9795
CVE-2019-9796
CVE-2019-9797
CVE-2019-9798
CVE-2019-9799
CVE-2019-9801
CVE-2019-9802
CVE-2019-9803
CVE-2019-9804
CVE-2019-9805
CVE-2019-9806
CVE-2019-9807
CVE-2019-9808
CVE-2019-9809
https://www.mozilla.org/security/advisories/mfsa2019-07/
https://www.mozilla.org/security/advisories/mfsa2019-08/
|
c96d416a-eae7-4d5d-bc84-40deca9329fb | mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2018-12377: Use-after-free in refresh driver timers
CVE-2018-12378: Use-after-free in IndexedDB
CVE-2018-12379: Out-of-bounds write with malicious MAR file
CVE-2017-16541: Proxy bypass using automount and autofs
CVE-2018-12381: Dragging and dropping Outlook email message results in page navigation
CVE-2018-12382: Addressbar spoofing with javascript URI on Firefox for Android
CVE-2018-12383: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
CVE-2018-12375: Memory safety bugs fixed in Firefox 62
CVE-2018-12376: Memory safety bugs fixed in Firefox 62 and Firefox ESR 60.2
Discovery 2018-09-05 Entry 2018-09-05 Modified 2018-09-15
firefox
< 62.0_1,1
waterfox
< 56.2.3
seamonkey
linux-seamonkey
< 2.49.5
firefox-esr
< 60.2.0_1,1
linux-firefox
< 60.2.0,2
libxul
thunderbird
linux-thunderbird
< 60.2
CVE-2017-16541
CVE-2018-12375
CVE-2018-12376
CVE-2018-12377
CVE-2018-12378
CVE-2018-12379
CVE-2018-12381
CVE-2018-12382
CVE-2018-12383
https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-21/
|
44b6dfbf-4ef7-4d52-ad52-2b1b05d81272 | mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2019-9815: Disable hyperthreading on content JavaScript threads on macOS
CVE-2019-9816: Type confusion with object groups and UnboxedObjects
CVE-2019-9817: Stealing of cross-domain images using canvas
CVE-2019-9818: Use-after-free in crash generation server
CVE-2019-9819: Compartment mismatch with fetch API
CVE-2019-9820: Use-after-free of ChromeEventHandler by DocShell
CVE-2019-9821: Use-after-free in AssertWorkerThread
CVE-2019-11691: Use-after-free in XMLHttpRequest
CVE-2019-11692: Use-after-free removing listeners in the event listener manager
CVE-2019-11693: Buffer overflow in WebGL bufferdata on Linux
CVE-2019-7317: Use-after-free in png_image_free of libpng library
CVE-2019-11694: Uninitialized memory leakage in Windows sandbox
CVE-2019-11695: Custom cursor can render over user interface outside of web content
CVE-2019-11696: Java web start .JNLP files are not recognized as executable files for download prompts
CVE-2019-11697: Pressing key combinations can bypass installation prompt delays and install extensions
CVE-2019-11698: Theft of user history data through drag and drop of hyperlinks to and from bookmarks
CVE-2019-11700: res: protocol can be used to open known local files
CVE-2019-11699: Incorrect domain name highlighting during page navigation
CVE-2019-11701: webcal: protocol default handler loads vulnerable web page
CVE-2019-9814: Memory safety bugs fixed in Firefox 67
CVE-2019-9800: Memory safety bugs fixed in Firefox 67 and Firefox ESR 60.7
Discovery 2019-05-21 Entry 2019-05-22 Modified 2019-07-23
firefox
< 67.0,1
waterfox
< 56.2.10
seamonkey
linux-seamonkey
< 2.53.0
firefox-esr
< 60.7.0,1
linux-firefox
< 60.7.0,2
libxul
thunderbird
linux-thunderbird
< 60.7.0
CVE-2019-9815
CVE-2019-9816
CVE-2019-9817
CVE-2019-9818
CVE-2019-9819
CVE-2019-9820
CVE-2019-9821
CVE-2019-11691
CVE-2019-11692
CVE-2019-11693
CVE-2019-7317
CVE-2019-11694
CVE-2019-11695
CVE-2019-11696
CVE-2019-11697
CVE-2019-11698
CVE-2019-11700
CVE-2019-11699
CVE-2019-11701
CVE-2019-9814
CVE-2019-9800
https://www.mozilla.org/security/advisories/mfsa2019-13/
https://www.mozilla.org/security/advisories/mfsa2019-14/
https://www.mozilla.org/security/advisories/mfsa2019-15/
|
7c3a02b9-3273-4426-a0ba-f90fad2ff72e | mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2018-12391: HTTP Live Stream audio data is accessible cross-origin
CVE-2018-12392: Crash with nested event loops
CVE-2018-12393: Integer overflow during Unicode conversion while loading JavaScript
CVE-2018-12395: WebExtension bypass of domain restrictions through header rewriting
CVE-2018-12396: WebExtension content scripts can execute in disallowed contexts
CVE-2018-12397:
CVE-2018-12398: CSP bypass through stylesheet injection in resource URIs
CVE-2018-12399: Spoofing of protocol registration notification bar
CVE-2018-12400: Favicons are cached in private browsing mode on Firefox for Android
CVE-2018-12401: DOS attack through special resource URI parsing
CVE-2018-12402: SameSite cookies leak when pages are explicitly saved
CVE-2018-12403: Mixed content warning is not displayed when HTTPS page loads a favicon over HTTP
CVE-2018-12388: Memory safety bugs fixed in Firefox 63
CVE-2018-12390: Memory safety bugs fixed in Firefox 63 and Firefox ESR 60.3
Discovery 2018-10-23 Entry 2018-10-23 Modified 2019-07-23
firefox
< 63.0_1,1
waterfox
< 56.2.5
seamonkey
linux-seamonkey
< 2.53.0
firefox-esr
< 60.3.0,1
linux-firefox
< 60.3.0,2
libxul
thunderbird
linux-thunderbird
< 60.3.0
CVE-2018-12388
CVE-2018-12390
CVE-2018-12391
CVE-2018-12392
CVE-2018-12393
CVE-2018-12395
CVE-2018-12396
CVE-2018-12397
CVE-2018-12398
CVE-2018-12399
CVE-2018-12400
CVE-2018-12401
CVE-2018-12402
CVE-2018-12403
https://www.mozilla.org/en-US/security/advisories/mfsa2018-26/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/
|
d10b49b2-8d02-49e8-afde-0844626317af | mozilla -- multiple vulnerabilities
Mozilla Foundation reports:
CVE-2018-12407: Buffer overflow with ANGLE library when using VertexBuffer11 module
CVE-2018-17466: Buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11
CVE-2018-18492: Use-after-free with select element
CVE-2018-18493: Buffer overflow in accelerated 2D canvas with Skia
CVE-2018-18494: Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs
CVE-2018-18495: WebExtension content scripts can be loaded in about: pages
CVE-2018-18496: Embedded feed preview page can be abused for clickjacking
CVE-2018-18497: WebExtensions can load arbitrary URLs through pipe separators
CVE-2018-18498: Integer overflow when calculating buffer sizes for images
CVE-2018-12406: Memory safety bugs fixed in Firefox 64
CVE-2018-12405: Memory safety bugs fixed in Firefox 64 and Firefox ESR 60.4
Discovery 2018-12-11 Entry 2018-12-11 Modified 2019-07-23
firefox
< 64.0_3,1
waterfox
< 56.2.6
seamonkey
linux-seamonkey
< 2.53.0
firefox-esr
< 60.4.0,1
linux-firefox
< 60.4.0,2
libxul
thunderbird
linux-thunderbird
< 60.4.0
CVE-2018-12405
CVE-2018-12406
CVE-2018-12407
CVE-2018-17466
CVE-2018-18492
CVE-2018-18493
CVE-2018-18494
CVE-2018-18495
CVE-2018-18496
CVE-2018-18497
CVE-2018-18498
https://www.mozilla.org/en-US/security/advisories/mfsa2018-29/
https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/
|
0f31b4e9-c827-11e9-9626-589cfc01894a | Mozilla -- Stored passwords in 'Saved Logins' can be copied without master password entry
Mozilla Foundation reports:
CVE-2019-11733: Stored passwords in 'Saved Logins' can
be copied without master password entry
When a master password is set, it is required to be
entered again before stored passwords can be accessed in the 'Saved
Logins' dialog. It was found that locally stored passwords can be
copied to the clipboard through the 'copy password' context menu item
without re-entering the master password if the master password had
been previously entered in the same session, allowing for potential
theft of stored passwords.
Discovery 2019-08-14 Entry 2019-08-28
cliqz
< 1.28.2
firefox
< 68.0.2,1
https://www.mozilla.org/security/advisories/mfsa2019-24/
CVE-2019-11733
|