#VU28368 Information disclosure in Firefox for iOS - CVE-2020-12404

 


Published: May 29, 2020 / Updated: July 15, 2020


Vulnerability identifier: #VU28368
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2020-12404
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Firefox for iOS
Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists in the native-to-JS bridging implementation, which requires a unique token to be passed to ensure that non-app code can't call the bridging functions. A remote attacker can create a specially crafted web page, trick the victim into downloading files and obtain the token. This token can be used for further attacks against the application.


Remediation

Install updates from the vendor's website.
