Main Vulnerability Database Vulnerabilities #VU29313

#VU29313 Information disclosure in Firefox for iOS - CVE-2020-12414

Published: June 26, 2020 / Updated: July 15, 2020

Vulnerability identifier: #VU29313

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2020-12414

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Firefox for iOS

Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the IndexedDB should be cleared when leaving private browsing mode and it is not, the API for "WKWebViewConfiguration" was being used incorrectly and requires the private instance of this object be deleted when leaving private mode.

Remediation

Install updates from vendor's website.

External links

https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/