Main Vulnerability Database Vulnerabilities #VU100963

#VU100963 Permissions, Privileges, and Access Controls in Firefox for Android - CVE-2024-11703

Published: November 26, 2024

Vulnerability identifier: #VU100963

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-11703

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Firefox for Android

Software vendor:
Mozilla

Description

The vulnerability allows a an attacker with physical access to device to view user's passwords.

The vulnerability exists due to application allows to view stored passwords without the required device PIN authentication. An attacker with access to the mobile device can view passwords stored in browser.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/
https://bugzilla.mozilla.org/show_bug.cgi?id=1928779

#VU100963 Permissions, Privileges, and Access Controls in Firefox for Android - CVE-2024-11703

Description

Remediation

External links

Please verify you're human