Firefox fixes “master password” security bypass bug
…in its password manager.
Point releases, mainly to fix security issues, often come out between the main fortytwosday versions, as in this case, taking the full version number of the current 68-flavoured release from 68.0.1 to 68.0.2.
What’s interesting in this release is the security fix it delivers:
CVE-2019-11733: Stored passwords in ‘Saved Logins’ can be copied without master password entry.
When a master password is set, it is required to be entered before stored passwords can be accessed in the ‘Saved Logins’ dialog. It was found that locally stored passwords can be copied to the clipboard thorough the ‘copy password’ context menu item without first entering the master password, allowing for potential theft of stored passwords.