Bug in Firefox password manager enabled easy retrieval

Posted on Monday, August 19 2019 @ 10:34 CEST by Thomas De Maesschalck

Mozilla announced it recently fixed a "moderate" bug in the Firefox password manager. Users have the option to protect passwords with a master password but as it turns out, this protection could easily be circumvented. On versions before Firefox 68.0.2, users could simply copy passwords to the clipboard, without having to enter the master password.

CVE-2019-11733: Stored passwords in 'Saved Logins' can be copied without master password entry
When a master password is set, it is required to be entered before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without first entering the master password, allowing for potential theft of stored passwords.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments

Share this story!