Information Disclosure Vulnerability in Mozilla Firefox for iOS

https://www.cert-in.org.in/

Severity Rating: Medium

Software Affected

Mozilla Firefox for iOS versions 26.0 and prior

Overview

A vulnerability has been reported in Mozilla Firefox for iOS that could allow a remote attacker to gain access to sensitive information on the targeted system.

Description

This vulnerability exists in Mozilla Firefox for iOS due to incorrect usage of the API for 'WKWebViewConfiguration' which required the private instance of this object to be deleted when leaving private mode. A remote attacker could exploit this vulnerability by enticing the user to view a specially crafted web page which resulted in non-clearance of IndexedDB when leaving the private browsing mode.

Successful exploitation of this vulnerability could allow the attacker to gain access to sensitive information on the targeted system.

Solution

Update to version 27.0 from Apple App Store.

Vendor Information

Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/

Reference

Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/

IBM
https://exchange.xforce.ibmcloud.com/vulnerabilities/184013

CVE Name

CVE-2020-12414

--
Thanks and Regards,
CERT-In

"Be clean! Be healthy!"

Note: Please do not reply to this e-mail. For further queries contact CERT-In Information Desk.

Email: [email protected]
Phone: 1800-11-4949
FAX: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Finger Print: D1F0 6048 20A9 56B9 5DAA 02A8 0798 04C3 2D85 A787
PGP Key information: http://www.cert-in.org.in/contact.htm

Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O.