CVE-2023-4580: Missing Encryption of Sensitive Data in Mozilla Firefox

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 76.04%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 11; latest update Oct 3

Description

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (7 packages)

CVEListV5 | mozilla/firefox | unspecified | 117
NVD | mozilla/firefox | < 117.0
CVEListV5 | mozilla/firefox_esr | unspecified | 115.2
NVD | mozilla/firefox_esr | < 115.2
CVEListV5 | mozilla/thunderbird | unspecified | 115.2

🔴 Vulnerability Details (3)

GHSA: GHSA-x3mh-rj4c-5xpw: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information (2023-09-11)
CVEList: Push notifications saved to disk unencrypted (2023-09-11)
OSV: CVE-2023-4580: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information (2023-09-11)

📋 Vendor Advisories (8)

Ubuntu: Thunderbird vulnerabilities (2023-10-03)
Microsoft: Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115. (2023-09-12)
Ubuntu: Firefox vulnerabilities (2023-08-30)
Red Hat: Mozilla: Push notifications saved to disk unencrypted (2023-08-29)
Debian: CVE-2023-4580: firefox - Push notifications stored on disk in private browsing mode were not being encryp... 2023