SB2019081674 - Unprotected storage of credentials in firefox-esr (Alpine package)
Published: August 16, 2019
Security Bulletin ID
SB2019081674
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Unprotected storage of credentials (CVE-ID: CVE-2019-11733)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a logical error in the way stored passwords are processed. A local user can access stored passwords in the 'Saved Logins' dialog, as locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without first entering the master password.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=795c32179f1238f33dd64c4fab4a8e94d9017368
- https://git.alpinelinux.org/aports/commit/?id=ebf9184f5bbef1f9faab710ffb48bb36b5bae10e
- https://git.alpinelinux.org/aports/commit/?id=e5a275b24da3c5a93d0058cacfc17075551e2297
- https://git.alpinelinux.org/aports/commit/?id=2158f01e86aa6551e5e429999acda15151214929