Firefox fixes “master password” security bypass bug
Firefox just pushed out an update to fix a security glitch…
…in its password manager.
Mozilla delivers a new major version every six weeks on what we jocularly call fortytwosday, given that it always comes out on a Tuesday (and that 6 × 7 = 42).
Point releases, mainly to fix security issues, often come out between the main fortytwosday versions, as in this case, taking the full version number of the current 68-flavoured release from 68.0.1 to 68.0.2.
What’s interesting in this release is the security fix it delivers:
CVE-2019-11733: Stored passwords in ‘Saved Logins’ can be copied without master password entry.
When a master password is set, it is required to be entered before stored passwords can be accessed in the ‘Saved Logins’ dialog. It was found that locally stored passwords can be copied to the clipboard thorough the ‘copy password’ context menu item without first entering the master password, allowing for potential theft of stored passwords.