Lucene search

K

[email protected]NVD:CVE-2018-12383

HistoryOct 18, 2018 - 1:29 p.m.

CVE-2018-12383

2018-10-1813:29:05

CWE-522

[email protected]

web.nvd.nist.gov

3

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.9%

If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.

Affected configurations

NVD

Node

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_desktopMatch7.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_serverMatch7.0

OR

redhatenterprise_linux_server_ausMatch7.6

OR

redhatenterprise_linux_server_eusMatch7.5

OR

redhatenterprise_linux_server_eusMatch7.6

OR

redhatenterprise_linux_server_tusMatch7.6

OR

redhatenterprise_linux_workstationMatch6.0

OR

redhatenterprise_linux_workstationMatch7.0

Node

debiandebian_linuxMatch8.0

OR

debiandebian_linuxMatch9.0

Node

canonicalubuntu_linuxMatch14.04lts

OR

canonicalubuntu_linuxMatch16.04lts

OR

canonicalubuntu_linuxMatch18.04lts

Node

mozillafirefoxRange<62.0

OR

mozillafirefox_esrRange<60.2.1

OR

mozillathunderbirdRange<60.2.1

References

www.securityfocus.com/bid/105276

www.securitytracker.com/id/1041610

www.securitytracker.com/id/1041701

access.redhat.com/errata/RHSA-2018:2834

access.redhat.com/errata/RHSA-2018:2835

access.redhat.com/errata/RHSA-2018:3403

access.redhat.com/errata/RHSA-2018:3458

bugzilla.mozilla.org/show_bug.cgi?id=1475775

lists.debian.org/debian-lts-announce/2018/11/msg00011.html

security.gentoo.org/glsa/201810-01

security.gentoo.org/glsa/201811-13

usn.ubuntu.com/3761-1/

usn.ubuntu.com/3793-1/

www.debian.org/security/2018/dsa-4304

www.debian.org/security/2018/dsa-4327

www.mozilla.org/security/advisories/mfsa2018-20/

www.mozilla.org/security/advisories/mfsa2018-23/

www.mozilla.org/security/advisories/mfsa2018-25/

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.9%

Related for NVD:CVE-2018-12383

ubuntucve1 prion1 veracode1 debiancve1 nessus49 cve1 redhatcve1 slackware1 openvas24 cvelist1 debian3 altlinux2 suse3 osv3 redhat4 oraclelinux3 kaspersky3 mozilla3 centos3 ubuntu4 archlinux1 freebsd1 mageia1 gentoo2