Information Disclosure Vulnerability in Firefox for iOS

Severity Rating: HIGH

Software Affected

Firefox for iOS versions 25.0 and prior

Overview

A vulnerability has been reported in Firefox for iOS that could allow a remote attacker to access sensitive information on a targeted system.

Description

This vulnerability exists in Firefox for iOS due to improper token handling in the native-to-JS bridging implementation. A remote attacker could exploit this vulnerability by creating a specially crafted webpage and then convincing the user to download a file hosted on the webpage.

Successful exploitation of this vulnerability could allow the attacker to access potentially sensitive information on the targeted system.

Solution

Update to version 26.0 from the Apple App Store.

Vendor Information

Mozilla https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/

References

Mozilla https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/

CyberSecurityHelp https://www.cybersecurity-help.cz/vdb/SB2020052916

CVE Name

CVE-2020-12404

Thanks and Regards,

CERT-In

" Be clean! Be healthy! "

Note: Please do not reply to this e-mail.

For further queries contact CERT-In Information Desk.
Email: [email protected]
Phone: 1800-11-4949
FAX: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Finger Print: D1F0 6048 20A9 56B9 5DAA 02A8 0798 04C3 2D85 A787
PGP Key information: http://www.cert-in.org.in/contact.htm

Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, .G.O. Complex
New Delhi-110 003
