Logins saved by Firefox should be managed by the Password Manager component which uses encryption to save files on-disk. Instead, the username (not password) was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox < 106.
Los inicios de sesión guardados por Firefox deben ser administrados por el componente Administrador de contraseñas, que utiliza cifrado para guardar archivos en el disco. En cambio, el Administrador de formularios guardó el nombre de usuario (no la contraseña) en un archivo no cifrado en el disco. Esta vulnerabilidad afecta a Firefox < 106.
USN-5709-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. It was discovered that Firefox saved usernames to a plaintext file. A local user could potentially exploit this to obtain sensitive information.
