QwikSec

Security Database

CVE

CWE

Training

CVE-2018-12383

Published: Oct 18, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.

Vendor	Product	Versions
Mozilla	Firefox	affected `unspecified - < 62`
Mozilla	Firefox ESR	affected `unspecified - < 60.2.1`
Mozilla	Thunderbird	affected `unspecified - < 60.2.1`

References

vendor-advisory

x_refsource_GENTOO

[debian-lts-announce] 20181112 [SECURITY] [DLA 1575-1] thunderbird security update

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_GENTOO

https://bugzilla.mozilla.org/show_bug.cgi?id=1475775

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

https://www.mozilla.org/security/advisories/mfsa2018-23/

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

https://www.mozilla.org/security/advisories/mfsa2018-20/

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_UBUNTU

https://www.mozilla.org/security/advisories/mfsa2018-25/

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.