VulnerableCode Vulnerability Details

Search for vulnerabilities

System	Score	Found at
cvssv3	5.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12383.json
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
epss	0.00072	https://api.first.org/data/v1/epss?cve=CVE-2018-12383
cvssv2	2.1	https://nvd.nist.gov/vuln/detail/CVE-2018-12383
cvssv3	5.5	https://nvd.nist.gov/vuln/detail/CVE-2018-12383
archlinux	Critical	https://security.archlinux.org/AVG-782
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2018-20
generic_textual	none	https://www.mozilla.org/en-US/security/advisories/mfsa2018-23
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2018-25

System

Score

Found at

cvssv3

5.5

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12383.json

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00071

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00072

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00072

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00072

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

epss

0.00072

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

cvssv2

2.1

https://nvd.nist.gov/vuln/detail/CVE-2018-12383

cvssv3

5.5

https://nvd.nist.gov/vuln/detail/CVE-2018-12383

archlinux

Critical

https://security.archlinux.org/AVG-782

generic_textual

critical

https://www.mozilla.org/en-US/security/advisories/mfsa2018-20

generic_textual

none

https://www.mozilla.org/en-US/security/advisories/mfsa2018-23

generic_textual

critical

https://www.mozilla.org/en-US/security/advisories/mfsa2018-25

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12383.json
		https://api.first.org/data/v1/epss?cve=CVE-2018-12383
		https://bugzilla.mozilla.org/show_bug.cgi?id=1475775
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16541
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12376
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12377
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12378
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12379
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12383
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12385
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18499
		https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html
		https://security.gentoo.org/glsa/201810-01
		https://security.gentoo.org/glsa/201811-13
		https://www.debian.org/security/2018/dsa-4304
		https://www.debian.org/security/2018/dsa-4327
		https://www.mozilla.org/security/advisories/mfsa2018-20/
		https://www.mozilla.org/security/advisories/mfsa2018-23/
		https://www.mozilla.org/security/advisories/mfsa2018-25/
		http://www.securityfocus.com/bid/105276
		http://www.securitytracker.com/id/1041610
		http://www.securitytracker.com/id/1041701
1625531		https://bugzilla.redhat.com/show_bug.cgi?id=1625531
ASA-201810-13		https://security.archlinux.org/ASA-201810-13
AVG-782		https://security.archlinux.org/AVG-782
cpe:2.3:a:mozilla:firefox::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox::::::::
cpe:2.3:a:mozilla:firefox_esr::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr::::::::
cpe:2.3:a:mozilla:thunderbird::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird::::::::
cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*
CVE-2018-12383		https://nvd.nist.gov/vuln/detail/CVE-2018-12383
mfsa2018-20		https://www.mozilla.org/en-US/security/advisories/mfsa2018-20
mfsa2018-23		https://www.mozilla.org/en-US/security/advisories/mfsa2018-23
mfsa2018-25		https://www.mozilla.org/en-US/security/advisories/mfsa2018-25
RHSA-2018:2834		https://access.redhat.com/errata/RHSA-2018:2834
RHSA-2018:2835		https://access.redhat.com/errata/RHSA-2018:2835
RHSA-2018:3403		https://access.redhat.com/errata/RHSA-2018:3403
RHSA-2018:3458		https://access.redhat.com/errata/RHSA-2018:3458
USN-3761-1		https://usn.ubuntu.com/3761-1/
USN-3793-1		https://usn.ubuntu.com/3793-1/

Reference id

Reference type

URL

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12383.json

https://api.first.org/data/v1/epss?cve=CVE-2018-12383

https://bugzilla.mozilla.org/show_bug.cgi?id=1475775

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16541

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12376

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12377

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12378

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12379

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12383

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12385

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18499

https://lists.debian.org/debian-lts-announce/2018/11/msg00011.html

https://security.gentoo.org/glsa/201810-01

https://security.gentoo.org/glsa/201811-13

https://www.debian.org/security/2018/dsa-4304

https://www.debian.org/security/2018/dsa-4327

https://www.mozilla.org/security/advisories/mfsa2018-20/

https://www.mozilla.org/security/advisories/mfsa2018-23/

https://www.mozilla.org/security/advisories/mfsa2018-25/

http://www.securityfocus.com/bid/105276

http://www.securitytracker.com/id/1041610

http://www.securitytracker.com/id/1041701

1625531

https://bugzilla.redhat.com/show_bug.cgi?id=1625531

ASA-201810-13

https://security.archlinux.org/ASA-201810-13

AVG-782

https://security.archlinux.org/AVG-782

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*

cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

CVE-2018-12383

https://nvd.nist.gov/vuln/detail/CVE-2018-12383

mfsa2018-20

https://www.mozilla.org/en-US/security/advisories/mfsa2018-20

mfsa2018-23

https://www.mozilla.org/en-US/security/advisories/mfsa2018-23

mfsa2018-25

https://www.mozilla.org/en-US/security/advisories/mfsa2018-25

RHSA-2018:2834

https://access.redhat.com/errata/RHSA-2018:2834

RHSA-2018:2835

https://access.redhat.com/errata/RHSA-2018:2835

RHSA-2018:3403

https://access.redhat.com/errata/RHSA-2018:3403

RHSA-2018:3458

https://access.redhat.com/errata/RHSA-2018:3458

USN-3761-1

https://usn.ubuntu.com/3761-1/

USN-3793-1

https://usn.ubuntu.com/3793-1/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:09:52.139970+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2018/mfsa2018-25.yml	37.0.0

2025-07-31T08:09:52.139970+00:00

Mozilla Importer

Import

https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2018/mfsa2018-25.yml

37.0.0

Vulnerability ID	VCID-f6t5-tcw3-d7gt
Aliases	CVE-2018-12383
Summary	If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format starting in Firefox 58. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

CWE-212	Improper Removal of Sensitive Information Before Storage or Transfer
CWE-522	Insufficiently Protected Credentials

Percentile	0.2232
EPSS Score	0.00071
Published At	Aug. 3, 2025, 12:55 p.m.