Main Vulnerability Database Vulnerabilities #VU92105

Information disclosure in Firefox for iOS - CVE-2024-38312

Published: June 14, 2024

Vulnerability identifier: #VU92105

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-38312

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Firefox for iOS

Detailed vulnerability description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination. A local user can gain access to potentially sensitive information.

How to mitigate CVE-2024-38312

Install updates from vendor's website.

Sources

https://bugzilla.mozilla.org/show_bug.cgi?id=1878578
https://www.mozilla.org/security/advisories/mfsa2024-27/

Information disclosure in Firefox for iOS - CVE-2024-38312

Detailed vulnerability description

How to mitigate CVE-2024-38312

Sources

Please verify you're human