CVE-2019-11733
Description
When a master password is set, it is required to be entered again before stored passwords can be accessed in the Saved Logins dialog. It was found that locally stored passwords can be copied to the clipboard through the "copy password" context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.39
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-11733 are fixed in Mozilla Firefox (.exe) (x64) (68.0.2) | Windows |
| Vulnerabilities CVE-2019-11733 are fixed in Mozilla Firefox (x64) (68.0.2) | Windows |
| Vulnerabilities CVE-2019-11733 are fixed in Mozilla Firefox (.exe) (68.0.2) | Windows |
| Vulnerabilities CVE-2019-11733 are fixed in Mozilla Firefox ESR (x64) (68.0.2) | Windows |
| Vulnerabilities CVE-2019-11733 are fixed in Mozilla Firefox ESR (68.0.2) | Windows |
| Vulnerabilities CVE-2019-11733 are fixed in Update for Mozilla Firefox For Mac (68.0.2) | Mac |
| Vulnerabilities CVE-2019-11733 are affected in Firefox ESR for Mac 68.0 | Mac |
| Vulnerabilities CVE-2019-11733 are affected in Mozilla Firefox for Mac 68.0 | Mac |
| Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 68.0.1 | Mac |
| Mozilla Open Source web browser (USN-4101-1) firefox_68.0.2+build1-0ubuntu0.16.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-4101-1) firefox_68.0.2+build1-0ubuntu0.16.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-4101-1) firefox_68.0.2+build1-0ubuntu0.18.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-4101-1) firefox_68.0.2+build1-0ubuntu0.18.04.1_amd64.deb | Linux |
| Mozilla Open Source web browser (USN-4101-1) firefox_68.0.2+build1-0ubuntu0.19.04.1_i386.deb | Linux |
| Mozilla Open Source web browser (USN-4101-1) firefox_68.0.2+build1-0ubuntu0.19.04.1_amd64.deb | Linux |
| (RHSA-2019:2694) firefox security update firefox-60.9.0-1.el6_10.i686.rpm | Linux |
| (RHSA-2019:2694) firefox security update firefox-60.9.0-1.el6_10.x86_64.rpm | Linux |
| (RHSA-2019:2729) firefox security update firefox-60.9.0-1.el7_7.i686.rpm | Linux |
| (RHSA-2019:2729) firefox security update firefox-60.9.0-1.el7_7.x86_64.rpm | Linux |
| SUSE-SU-2019:2620-1 (SUSE Linux Enterprise Desktop 12-SP4) MozillaFirefox-68.1.0-109.89.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2620-1 (SUSE Linux Enterprise Desktop 12-SP4) MozillaFirefox-branding-SLE-68-32.8.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2620-1 (SUSE Linux Enterprise Desktop 12-SP4) MozillaFirefox-debuginfo-68.1.0-109.89.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2620-1 (SUSE Linux Enterprise Desktop 12-SP4) MozillaFirefox-debugsource-68.1.0-109.89.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2620-1 (SUSE Linux Enterprise Desktop 12-SP4) MozillaFirefox-translations-common-68.1.0-109.89.1.x86_64.rpm | Linux |
Patch Details
Patches provided by ManageEngine for this CVE:
| Patch ID | Patch Description |
|---|---|
| PATCH-310691 | Mozilla Firefox (.exe) (x64) (68.0.2) |
| PATCH-310690 | Mozilla Firefox (.exe) (68.0.2) |
| PATCH-310718 | Mozilla Firefox ESR (x64) (68.0.2) |
| PATCH-310717 | Mozilla Firefox ESR (68.0.2) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-611808 | Mozilla Firefox ESR for MAC 128.14.0 |
| PATCH-611870 | Mozilla Firefox For Mac (142.0.1) |