Published: 18/10/2018 Updated: 03/10/2019

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
redhat enterprise linux server eus 7.6
redhat enterprise linux server tus 7.6
redhat enterprise linux workstation 6.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server 6.0
redhat enterprise linux server aus 7.6
redhat enterprise linux desktop 6.0
redhat enterprise linux desktop 7.0
redhat enterprise linux server 7.0
redhat enterprise linux server eus 7.5
debian debian linux 8.0
debian debian linux 9.0
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
mozilla firefox
mozilla thunderbird
mozilla firefox esr

Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...

Synopsis Moderate: firefox security update Type/Severity Security Advisory: Moderate Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...

Synopsis Moderate: firefox security update Type/Severity Security Advisory: Moderate Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, wh ...

Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...

Several security issues were fixed in Thunderbird ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

USN-3761-1 caused several regressions in Firefox ...

Two security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code and local information disclosure For the stable distribution (stretch), these problems have been fixed in version 6021esr-1~deb9u1 We recommend that you upgrade your firefox-esr packages For the detailed sec ...

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58 The new master password is added only on the new file This could allow the expo ...

A security issue has been found in Thunderbird versions prior to 6021 If a user saved passwords before the move to a new password format and then later set a master password, an unencrypted copy of these passwords is still accessible This is because the older stored password file was not deleted when the data was copied to a new format The new ...

Mozilla Foundation Security Advisory 2018-20 Security vulnerabilities fixed in Firefox 62 Announced September 5, 2018 Impact critical Products Firefox Fixed in Firefox 62 ...

Mozilla Foundation Security Advisory 2018-23 Security vulnerabilities fixed in Firefox ESR 6021 Announced September 21, 2018 Impact moderate Products Firefox ESR Fixed in Firefox ESR 6021 ...

Mozilla Foundation Security Advisory 2018-25 Security vulnerabilities fixed in Thunderbird 6021 Announced October 4, 2018 Impact critical Products Thunderbird Fixed in Thunderbird 6021 ...

CWE-522 https://www.mozilla.org/security/advisories/mfsa2018-25/https://www.mozilla.org/security/advisories/mfsa2018-23/https://www.mozilla.org/security/advisories/mfsa2018-20/https://bugzilla.mozilla.org/show_bug.cgi?id=1475775 https://www.debian.org/security/2018/dsa-4304 https://usn.ubuntu.com/3793-1/https://usn.ubuntu.com/3761-1/https://access.redhat.com/errata/RHSA-2018:2835 https://access.redhat.com/errata/RHSA-2018:2834 http://www.securitytracker.com/id/1041701 http://www.securitytracker.com/id/1041610 http://www.securityfocus.com/bid/105276 https://security.gentoo.org/glsa/201810-01 https://www.debian.org/security/2018/dsa-4327 https://access.redhat.com/errata/RHSA-2018:3403 https://access.redhat.com/errata/RHSA-2018:3458 https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html https://security.gentoo.org/glsa/201811-13 https://nvd.nist.gov https://access.redhat.com/errata/RHSA-2018:3403 https://usn.ubuntu.com/3793-1/

Get Started

CVE-2018-12383

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect