Push notifications stored on disk in private browsing mode were not being encrypted, potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
CWE-311: Missing Encryption of Sensitive Data
The lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.
|No known exploits|
Other (github, ...)
|No known exploits|
Common Attack Pattern Enumerations and Classifications
| Technique | Name |
|---|---|
| T1005 | Data from Local System |
| T1056.004 | Input Capture: Credential API Hooking |
| T1111 | Multi-Factor Authentication Interception |
| T1539 | Steal Web Session Cookie |
| T1552.004 | Unsecured Credentials: Private Keys |

© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

| Technique | Mitigation |
|---|---|
| T1005 | Data loss prevention can restrict access to sensitive data and detect sensitive data that is unencrypted. |
| T1040 | In cloud environments, ensure that users are not granted permissions to create or modify traffic mirrors unless this is explicitly required. |
| T1111 | Remove smart cards when not in use. |
| T1539 | Train users to identify aspects of phishing attempts where they're asked to enter credentials into a site that has the incorrect domain for the application they are logging into. |
| T1552.004 | Ensure permissions are properly set on folders containing sensitive private keys to prevent unintended access. |