5
CVSSv2

CVE-2019-11733

Published: 27/09/2019 Updated: 05/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Mozilla Firefox could allow a remote malicious user to obtain sensitive information, caused by the copying of stored passwords in Saved Logins without providing the master password. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to obtain stored passwords and other sensitive information.

Vulnerability Trend

Affected Products

Vendor Product Versions
MozillaFirefox-, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.6.1, 0.7, 0.7.1, 0.8, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.10, 0.10.1, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.4.1, 1.5, 1.5.0.1, 1.5.0.2, 1.5.0.3, 1.5.0.4, 1.5.0.5, 1.5.0.6, 1.5.0.7, 1.5.0.8, 1.5.0.9, 1.5.0.10, 1.5.0.11, 1.5.0.12, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.8, 2.0, 2.0.0.1, 2.0.0.2, 2.0.0.3, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.7, 2.0.0.8, 2.0.0.9, 2.0.0.10, 2.0.0.11, 2.0.0.12, 2.0.0.13, 2.0.0.14, 2.0.0.15, 2.0.0.16, 2.0.0.17, 2.0.0.18, 2.0.0.19, 2.0.0.20, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.5, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.5.9, 3.5.10, 3.5.11, 3.5.12, 3.5.13, 3.5.14, 3.5.15, 3.5.16, 3.5.17, 3.5.18, 3.5.19, 3.6, 3.6.2, 3.6.3, 3.6.4, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11, 3.6.12, 3.6.13, 3.6.14, 3.6.15, 3.6.16, 3.6.17, 3.6.18, 3.6.19, 3.6.20, 3.6.21, 3.6.22, 3.6.23, 3.6.24, 3.6.25, 3.6.26, 3.6.27, 3.6.28, 4.0, 4.0.1, 5.0, 5.0.1, 6.0, 6.0.1, 6.0.2, 7.0, 7.0.1, 8.0, 8.0.1, 9.0, 9.0.1, 10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 11.0, 12.0, 13.0, 13.0.1, 14.0, 14.0.1, 15.0, 15.0.1, 16.0, 16.0.1, 16.0.2, 17.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 18.0, 18.0.1, 18.0.2, 19.0, 19.0.1, 19.0.2, 20.0, 20.0.1, 21.0, 22.0, 23.0, 23.0.1, 24.0, 24.1, 24.1.0, 24.1.1, 24.2.0, 24.3.0, 24.4.0, 24.5.0, 24.6.0, 24.7.0, 24.8.0, 24.8.1, 25.0, 25.0.1, 26.0, 27.0, 27.0.1, 28.0, 29.0, 29.0.1, 30.0, 31.0, 31.1.0, 31.1.1, 31.2.0, 31.3.0, 31.4.0, 31.5.0, 31.5.2, 31.5.3, 31.6.0, 31.7.0, 31.8.0, 32.0, 32.0.1, 32.0.2, 32.0.3, 33.0, 33.0.1, 33.0.2, 33.0.3, 33.1, 33.1.1, 34.0, 34.0.5, 35.0, 35.0.1, 36.0, 36.0.1, 36.0.3, 36.0.4, 37.0, 37.0.1, 37.0.2, 38.0, 38.0.1, 38.0.5, 38.1.0, 38.1.1, 38.2.0, 38.2.1, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.5.2, 38.6.0, 38.6.1, 38.7.0, 38.7.1, 38.8.0, 39.0, 39.0.3, 40.0, 40.0.2, 40.0.3, 41.0, 41.0.1, 41.0.2, 42.0, 43.0, 43.0.1, 43.0.2, 43.0.3, 43.0.4, 44.0, 44.0.1, 44.0.2, 45.0, 45.0.1, 45.0.2, 45.1.1, 45.2.0, 45.3.0, 45.4.0, 45.5.0, 45.5.1, 45.6.0, 45.7.0, 45.8.0, 45.9.0, 46.0, 46.0.1, 47.0, 47.0.1, 47.0.2, 48.0, 48.0.1, 48.0.2, 49.0, 49.0.1, 49.0.2, 50, 50.0, 50.0.1, 50.0.2, 50.1.0, 51.0, 51.0.1, 51.0.3, 52.0, 52.0.1, 52.0.2, 52.1.0, 52.1.1, 52.1.2, 52.2.0, 52.2.1, 52.3.0, 52.4.0, 52.4.1, 52.5.0, 52.5.2, 52.5.3, 52.6.0, 52.7.0, 52.7.1, 52.7.2, 52.7.3, 52.7.4, 52.8.0, 52.8.1, 52.9.0, 53.0, 53.0.2, 53.0.3, 54.0, 54.0.1, 55.0, 55.0.1, 55.0.2, 55.0.3, 56.0, 56.0.1, 56.0.2, 57.0, 57.0.1, 57.0.2, 57.0.3, 57.0.4, 58, 58.0, 58.0.1, 58.0.2, 59, 59.0, 59.0.1, 59.0.2, 59.0.3, 60, 60.0, 60.0.1, 60.0.2, 60.1.0, 60.2.0, 60.2.1, 60.2.2, 60.3.0, 60.4.0, 60.5.0, 60.6.1, 60.7.3, 61.0, 61.0.1, 61.0.2, 62.0, 62.0.2, 62.0.3, 63.0, 63.0.1, 63.0.3, 64.0, 64.0.2, 65.0, 66.0, 66.0.1, 66.0.2, 66.0.3, 67.0.2, 68.0, 68.0.1
MozillaFirefox Esr10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 17.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 24.0, 24.0.1, 24.0.2, 24.1.0, 24.1.1, 24.2, 24.3, 24.4, 24.5, 24.6, 24.7, 24.8, 31.0, 31.1, 31.1.0, 31.1.1, 31.2, 31.3, 31.3.0, 31.4, 31.5, 31.5.1, 31.5.2, 31.5.3, 31.6, 31.7, 31.8, 38.0, 38.0.1, 38.0.5, 38.1.0, 38.1.1, 38.2.0, 38.2.1, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.5.2, 38.6.0, 38.6.1, 38.7.0, 38.7.1, 38.8.0, 45.0, 45.0.1, 45.0.2, 45.1.0, 45.1.1, 45.2.0, 45.3.0, 45.4.0, 45.5.0, 45.5.1, 45.6.0, 45.7.0, 45.8.0, 45.9.0, 52.0, 52.1.0, 52.1.1, 52.1.2, 52.2.0, 52.2.1, 52.3.0, 52.4.0, 52.4.1, 52.5.0, 52.5.2, 52.5.3, 52.6.0, 52.7.0, 52.7.1, 52.7.2, 52.7.3, 52.7.4, 52.8.0, 52.8.1, 52.9.0, 53.0.0, 60.0, 60.1.0, 60.2.0, 60.2.2, 60.3.0, 60.4.0, 60.5.0, 60.6.0, 60.6.1, 60.7.0, 60.7.1

Vendor Advisories

A local attacker could obtain saved passwords ...
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...
Arch Linux Security Advisory ASA-201908-11 ========================================== Severity: Medium Date : 2019-08-16 CVE-ID : CVE-2019-11733 Package : firefox Type : information disclosure Remote : No Link : securityarchlinuxorg/AVG-1025 Summary ======= The package firefox before version 6802-1 is vulnerable to informa ...
An issue has been found in Firefox before 6802 When a master password is set, it is required to be entered before stored passwords can be accessed in the 'Saved Logins' dialog It was found that locally stored passwords can be copied to the clipboard through the 'copy password' context menu item without first entering the master password, allowi ...

Recent Articles

Mozilla Firefox Bug Let Third-Parties Access Saved Passwords
BleepingComputer • Sergiu Gatlan • 16 Aug 2019

Mozilla patched a vulnerability in the Firefox web browser with the launch of the 68.0.2 release which would allow unauthorized users to copy passwords from the browser's built-in Save Logins database even when protected with a master password.
"Stored passwords in 'Saved Logins' can be copied without master password entry" according to Mozilla security advisory, which also rates the security flaw tracked as CVE-2019-11733 as having a 'moderate' impact.
The flaw allows anyone with l...