Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106.
Weakness
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | * | 106.0 (excluding) |
| Firefox | Ubuntu | bionic | * |
| Firefox | Ubuntu | focal | * |
| Firefox | Ubuntu | trusty | * |
| Firefox | Ubuntu | upstream | * |
| Firefox | Ubuntu | xenial | * |
| Thunderbird | Ubuntu | bionic | * |
| Thunderbird | Ubuntu | focal | * |
| Thunderbird | Ubuntu | jammy | * |
| Thunderbird | Ubuntu | kinetic | * |
| Thunderbird | Ubuntu | trusty | * |
| Thunderbird | Ubuntu | upstream | * |
| Thunderbird | Ubuntu | xenial | * |