Information Disclosure Vulnerability in Mozilla Firefox for iOS

http://www.cert-in.org.in/

Severity Rating: Medium

Software Affected

Mozilla Firefox for iOS versions 26.0 and prior

Overview

A vulnerability has been reported in Mozilla Firefox for iOS that could allow a remote attacker to gain access to sensitive information on the targeted system.

Description

This vulnerability exists in Mozilla Firefox for iOS due to incorrect usage of the ‘WKWebViewConfiguration’ API, which requires the private instance of this object to be deleted when leaving private mode. A remote attacker could exploit this vulnerability by enticing the user to view a specially crafted web page, resulting in IndexedDB not being cleared when leaving private mode.

Successful exploitation of this vulnerability could allow the attacker to gain access to sensitive information on the targeted system.
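The lifecycle rule described above, sketched as an added Swift example (not Mozilla's code or its actual fix): private tabs share one WKWebViewConfiguration backed by a non-persistent data store, and leaving private mode releases that instance and wipes its data. The class and method names (PrivateBrowsingSession, openPrivateTab, endSession) are hypothetical; the WebKit calls are the public WKWebsiteDataStore API.

```swift
import WebKit

/// Hypothetical owner of the configuration shared by all private tabs.
/// Names are illustrative and are not taken from Firefox for iOS.
/// WKWebView must be created and torn down on the main thread.
final class PrivateBrowsingSession {
    private var configuration: WKWebViewConfiguration?
    private var webViews: [WKWebView] = []

    /// Build (once per session) a configuration whose cookies, caches and
    /// IndexedDB databases live only in an in-memory data store.
    private func privateConfiguration() -> WKWebViewConfiguration {
        if let existing = configuration { return existing }
        let config = WKWebViewConfiguration()
        config.websiteDataStore = .nonPersistent()
        configuration = config
        return config
    }

    func openPrivateTab() -> WKWebView {
        let webView = WKWebView(frame: .zero, configuration: privateConfiguration())
        webViews.append(webView)
        return webView
    }

    /// Call when the user leaves private mode.
    func endSession(completion: @escaping () -> Void) {
        let store = configuration?.websiteDataStore

        // Tear down every web view that still references the private configuration.
        webViews.forEach { $0.stopLoading(); $0.removeFromSuperview() }
        webViews.removeAll()

        // Release the private instance. Reusing it in a later private session
        // would expose IndexedDB data written during this one.
        configuration = nil

        // Defence in depth: explicitly remove all data types, IndexedDB included,
        // in case another object still holds a reference to the store.
        guard let store = store else { completion(); return }
        store.removeData(ofTypes: WKWebsiteDataStore.allWebsiteDataTypes(),
                         modifiedSince: .distantPast,
                         completionHandler: completion)
    }
}
```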

Solution

Update to version 27.0 from Apple App Store.

Vendor Information

Mozilla https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/

Reference

Mozilla

https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/

IBM

https://exchange.xforce.ibmcloud.com/vulnerabilities/184013

CVE Name

CVE-2020-12414


Thanks and Regards,

CERT-In

" Be clean! Be healthy! "

Note: Please do not reply to this e-mail.

For further queries contact

CERT-In Information Desk. Email: [email protected]

Phone : 1800-11-4949

FAX : 1800-11-6969

Web : http://www.cert-in.org.in

PGP Finger Print: D1F0 6048 20A9 56B9 5DAA 02A8 0798 04C3 2D85 A787

PGP Key information: http://www.cert-in.org.in/contact.htm

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003
