Firefox password manager was an open vault

Attackers would have been able to access locally stored passwords in Firefox with relatively little effort. Mozilla's web browser comes with a password manager from the factory, stores passwords from online services as required, and automatically populates corresponding fields on websites. Mozilla has identified the risk posed by the vulnerability (CVE-2019-11733) as "moderate"classified.

The actual Issue 68.0.2 is repaired, Write the Mozilla developers in a post, The vulnerability should also be affected by Firefox ESR. However, a successful attack requires an attacker to have local access to a computer. If this is the case, he could without having to enter the master password in the Firefox settings passwords in plain text copy to the clipboard.

Those who use the password manager should be careful to enable the master password – by default this is not the case. If it is active, you only have access to stored passwords after it has been entered, making it difficult for third parties to gain insight.


. (TagsToTranslate) Firefox (t) passwords (t) patch day (t) vulnerabilities (t) update