[ASA-201908-11] firefox: information disclosure
Jelle van der Waa
jelle at archlinux.org
Sat Aug 24 13:39:19 UTC 2019
Arch Linux Security Advisory ASA-201908-11
Date : 2019-08-16
CVE-ID : CVE-2019-11733
Package : firefox
Type : information disclosure
Remote : No
Link : https://security.archlinux.org/AVG-1025
The package firefox before version 68.0.2-1 is vulnerable to
Upgrade to 68.0.2-1.
# pacman -Syu "firefox>=68.0.2-1"
The problem has been fixed upstream in version 68.0.2.
An issue has been found in Firefox before 68.0.2. When a master
password is set, it is required to be entered before stored passwords
can be accessed in the 'Saved Logins' dialog. It was found that locally
stored passwords can be copied to the clipboard through the 'copy
password' context menu item without first entering the master password,
allowing for potential theft of stored passwords.
A local attacker is able to obtain stored passwords without first
entering the master password leading to information disclosure.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: not available
More information about the arch-security