Search for vulnerabilities
Vulnerability details: VCID-dd7v-eepy-aaab
Vulnerability ID VCID-dd7v-eepy-aaab
Aliases CVE-2018-12383
Summary If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations. This vulnerability affects Firefox < 62, Firefox ESR < 60.2.1, and Thunderbird < 60.2.1.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-522 Insufficiently Protected Credentials
CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12383.html
rhas Moderate https://access.redhat.com/errata/RHSA-2018:2834
rhas Moderate https://access.redhat.com/errata/RHSA-2018:2835
rhas Important https://access.redhat.com/errata/RHSA-2018:3403
rhas Important https://access.redhat.com/errata/RHSA-2018:3458
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12383.json
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.0005 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00072 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00076 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00147 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00147 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00147 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss 0.00147 https://api.first.org/data/v1/epss?cve=CVE-2018-12383
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=1625531
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16541
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12376
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12377
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12378
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12383
generic_textual Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12385
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18499
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2018-12383
cvssv3 5.5 https://nvd.nist.gov/vuln/detail/CVE-2018-12383
archlinux Critical https://security.archlinux.org/AVG-782
cvssv3.1 8.8 https://security.gentoo.org/glsa/201810-01
generic_textual HIGH https://security.gentoo.org/glsa/201810-01
generic_textual Medium https://ubuntu.com/security/notices/USN-3761-1
generic_textual Low https://ubuntu.com/security/notices/USN-3793-1
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2018-20
generic_textual Medium https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12383
generic_textual none https://www.mozilla.org/en-US/security/advisories/mfsa2018-23
generic_textual critical https://www.mozilla.org/en-US/security/advisories/mfsa2018-25
generic_textual Medium https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12383
generic_textual Medium https://www.mozilla.org/security/advisories/mfsa2018-20/
generic_textual Medium https://www.mozilla.org/security/advisories/mfsa2018-25/
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-12383.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12383.json
https://api.first.org/data/v1/epss?cve=CVE-2018-12383
https://bugzilla.mozilla.org/show_bug.cgi?id=1475775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16541
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12379
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12383
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18499
https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
https://security.gentoo.org/glsa/201810-01
https://security.gentoo.org/glsa/201811-13
https://ubuntu.com/security/notices/USN-3761-1
https://ubuntu.com/security/notices/USN-3793-1
https://usn.ubuntu.com/3761-1/
https://usn.ubuntu.com/3793-1/
https://www.debian.org/security/2018/dsa-4304
https://www.debian.org/security/2018/dsa-4327
https://www.mozilla.org/en-US/security/advisories/mfsa2018-20/#CVE-2018-12383
https://www.mozilla.org/en-US/security/advisories/mfsa2018-25/#CVE-2018-12383
https://www.mozilla.org/security/advisories/mfsa2018-20/
https://www.mozilla.org/security/advisories/mfsa2018-23/
https://www.mozilla.org/security/advisories/mfsa2018-25/
http://www.securityfocus.com/bid/105276
http://www.securitytracker.com/id/1041610
http://www.securitytracker.com/id/1041701
1625531 https://bugzilla.redhat.com/show_bug.cgi?id=1625531
ASA-201810-13 https://security.archlinux.org/ASA-201810-13
AVG-782 https://security.archlinux.org/AVG-782
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2018-12383 https://nvd.nist.gov/vuln/detail/CVE-2018-12383
mfsa2018-20 https://www.mozilla.org/en-US/security/advisories/mfsa2018-20
mfsa2018-23 https://www.mozilla.org/en-US/security/advisories/mfsa2018-23
mfsa2018-25 https://www.mozilla.org/en-US/security/advisories/mfsa2018-25
RHSA-2018:2834 https://access.redhat.com/errata/RHSA-2018:2834
RHSA-2018:2835 https://access.redhat.com/errata/RHSA-2018:2835
RHSA-2018:3403 https://access.redhat.com/errata/RHSA-2018:3403
RHSA-2018:3458 https://access.redhat.com/errata/RHSA-2018:3458
No exploits are available.
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12383.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-12383
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2018-12383
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201810-01
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.12391
EPSS Score 0.0005
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.