CCE-94537-8| Platform: cpe:/a:mozilla:firefox_rpm | Date: (C)2021-06-15 (M)2023-07-04 |
Firefox can be set to store passwords for sites visited by the user. These individual passwords are stored in a file and can be protected by a master password. Autofill of the password can then be enabled when the site is visited. This feature could also be used to autofill the certificate pin which could lead to compromise of DoD information.
Parameter:
[disable the save password feature/enable the save password feature]
Technical Mechanism:
Ensure the preference signon.rememberSignons is set and locked to the value of false.
| CCSS Severity: | CCSS Metrics: |
| CCSS Score : 7.7 | Attack Vector: LOCAL |
| Exploit Score: 2.5 | Attack Complexity: LOW |
| Impact Score: 5.2 | Privileges Required: NONE |
| Severity: HIGH | User Interaction: NONE |
| Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H | Scope: UNCHANGED |
| | Confidentiality: HIGH |
| | Integrity: NONE |
| | Availability: HIGH |
| | |
References: | Resource Id | Reference |
|---|
| SCAP Repo OVAL Definition | oval:org.secpod.oval:def:60308 |
