2 matches found
Mozilla: Data race and potential use-after-free in PK11_ChangePW
The Mozilla Foundation Security Advisory describes this flaw as: A data race could occur in the PK11ChangePW function, potentially leading to a use-after-free vulnerability. In Firefox, this lock protected the data when a user changed their master password...
Mozilla: Setting a master password post-Firefox 58 does not delete unencrypted previously stored passwords
If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is...