Information disclosure in Firefox for iOS - CVE-2020-12414

 

Information disclosure in Firefox for iOS - CVE-2020-12414

Published: June 26, 2020 / Updated: July 15, 2020


Vulnerability identifier: #VU29313
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2020-12414
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Firefox for iOS

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the IndexedDB should be cleared when leaving private browsing mode and it is not, the API for "WKWebViewConfiguration" was being used incorrectly and requires the private instance of this object be deleted when leaving private mode.


How to mitigate CVE-2020-12414

Install updates from vendor's website.

Sources