CVE-2019-11733

medium

Published — · Modified —

CVSS v3

—

CVSS v2

—

VIR risk

5.5

Description

When a master password is set, it is required to be entered again before stored passwords can be accessed in the 'Saved Logins' dialog. It was found that locally stored passwords can be copied to the clipboard thorough the 'copy password' context menu item without re-entering the master password if the master password had been previously entered in the same session, allowing for potential theft of stored passwords. This vulnerability affects Firefox < 68.0.2 and Firefox ESR < 68.0.2.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2019-11733

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2019-11733.html

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-201908-11

OS impact

OS	Version	Status	Fixed in
arch		fixed	`68.0.2-1`
sles		affected
debian	sid	fixed	`68.0.2-1`

References

Verify integrity in audit chain (admin only). AS-IS.