Slackware Linux update for mozilla-firefox

Published: 2019-08-15

Risk	Low
Patch available	YES
Number of vulnerabilities	1
CVE-ID	CVE-2019-11733
CWE-ID	CWE-256
Exploitation vector	Local
Public exploit	N/A
Vulnerable software	Slackware Linux Operating systems & Components / Operating system
Vendor	Slackware

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Unprotected storage of credentials

EUVDB-ID: #VU20292

Risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-11733

CWE-ID: CWE-256 - Unprotected Storage of Credentials

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a logical error in the way stored passwords are processed. A local user can access stored passwords in the 'Saved Logins' dialog, as locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without first entering the master password.

Mitigation

Update the affected package mozilla-firefox.

Vulnerable software versions

Slackware Linux: 14.2

CPE2.3

cpe:2.3:o:slackware:slackware_linux:14.2:*:*:*:*:*:*:*

External links

https://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.362237

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.