CVE-2019-17018 — Sensitive Information Exposure in Mozilla Firefox

CWE-200 — Sensitive Information Exposure5 documents5 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 63.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedJan 8

Latest updateMay 24

Description

When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard. This vulnerability affects Firefox < 72.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

▶NVDmozilla/firefox< 72.0

▶debiandebian/firefox

▶CVEListV5mozilla/firefoxbefore 72

▶mozillamozilla/firefox

Patches

Patch: bugzilla.mozilla.org ↗Patch: bugzilla.mozilla.org ↗

🔴Vulnerability Details

GHSA

GHSA-pq8c-jr49-74hj: When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard↗2022-05-24

▶

OSV

CVE-2019-17018: When in Private Browsing Mode on Windows 10, the Windows keyboard may retain word suggestions to improve the accuracy of the keyboard↗2020-01-08

▶

📋Vendor Advisories

Debian

CVE-2019-17018: firefox - When in Private Browsing Mode on Windows 10, the Windows keyboard may retain wor...↗2019

▶

Mozilla

Mozilla Foundation Security Advisory 2020-01: CVE-2019-17018↗

▶