FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mozilla -- Stored passwords in 'Saved Logins' can be copied without master password entry

Affected packages
cliqz < 1.28.2
firefox < 68.0.2,1

Details

VuXML ID 0f31b4e9-c827-11e9-9626-589cfc01894a
Discovery 2019-08-14
Entry 2019-08-28

Mozilla Foundation reports:

CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry

When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords.

References

CVE Name CVE-2019-11733
URL https://www.mozilla.org/security/advisories/mfsa2019-24/