5.5

CVE-2018-12383

Exploit
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
MozillaFirefox Version < 62.0
MozillaFirefox ESR Version < 60.2.1
MozillaThunderbird Version < 60.2.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.46% 0.363
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

http://www.securitytracker.com/id/1041610
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:3403
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3458
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201810-01
Third Party Advisory
https://security.gentoo.org/glsa/201811-13
Third Party Advisory
https://www.debian.org/security/2018/dsa-4327
Third Party Advisory
http://www.securityfocus.com/bid/105276
Third Party Advisory
VDB Entry
https://usn.ubuntu.com/3761-1/
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-20/
Vendor Advisory
https://usn.ubuntu.com/3793-1/
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-25/
Vendor Advisory
http://www.securitytracker.com/id/1041701
Third Party Advisory
VDB Entry
https://access.redhat.com/errata/RHSA-2018:2834
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2835
Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1475775
Vendor Advisory
Exploit
Issue Tracking
https://www.debian.org/security/2018/dsa-4304
Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2018-23/
Vendor Advisory