When a master password is set, it is required to be entered again before stored passwords can be accessed in the ‘Saved Logins’ dialog. It was found that locally stored passwords can be copied to the clipboard thorough the ‘copy password’ context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2.
View Full Alert
Related Posts
CVE-2019-11724 (firefox)Application permissions give additional remote troubleshooting permission to the site input.mozilla.org, which has been retired and now redirects to another site. This additional permission is unnecessary and is a potential…
CVE-2019-11718 (firefox)Activity Stream can display content from sent from the Snippet Service website. This content is written to innerHTML on the Activity Stream page without sanitization, allowing for a potential access…
CVE-2019-11716 (firefox)Until explicitly accessed by script, window.globalThis is not enumerable and, as a result, is not visible to code such as Object.getOwnPropertyNames(window). Sites that deploy a sandboxing that depends on enumerating…
