Main Vulnerability Database Vulnerabilities #VU100963

Permissions, Privileges, and Access Controls in Firefox for Android - CVE-2024-11703

Published: November 26, 2024

Vulnerability identifier: #VU100963

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-11703

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Firefox for Android

Detailed vulnerability description

The vulnerability allows a an attacker with physical access to device to view user's passwords.

The vulnerability exists due to application allows to view stored passwords without the required device PIN authentication. An attacker with access to the mobile device can view passwords stored in browser.

How to mitigate CVE-2024-11703

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2024-63/
https://bugzilla.mozilla.org/show_bug.cgi?id=1928779

Permissions, Privileges, and Access Controls in Firefox for Android - CVE-2024-11703

Detailed vulnerability description

How to mitigate CVE-2024-11703

Sources

Please verify you're human