Information Disclosure Vulnerability in Mozilla Firefox for iOS
https://www.cert-in.org.in/
Severity Rating: Medium
Software Affected
Mozilla Firefox for iOS versions 26.0 and prior
Overview
A vulnerability has been reported in Mozilla Firefox for iOS that could allow a remote attacker to gain access to sensitive information on the targeted system.
Description
This vulnerability exists in Mozilla Firefox for iOS due to incorrect usage of the API for ‘WKWebViewConfiguration’ which required the private instance of this object to be deleted when leaving private mode. A remote attacker could exploit this vulnerability by enticing the user to view a specially crafted web page which resulted in non-clearance of IndexedDB when leaving the private browsing mode.
Successful exploitation of this vulnerability could allow the attacker to gain access to sensitive information on the targeted system. .
Solution
Update to version 27.0 from Apple App Store.
Vendor Information
Mozilla https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/
Reference
Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/
IBM
https://exchange.xforce.ibmcloud.com/vulnerabilities/184013
CVE Name
CVE-2020-12414
- --
Thanks and Regards,
CERT-In
" Be clean! Be healthy! "
Note: Please do not reply to this e-mail.
For further queries contact
CERT-In Information Desk. Email: [email protected]
Phone : 1800-11-4949
FAX : 1800-11-6969
Web : http://www.cert-in.org.in
PGP Finger Print:D1F0 6048 20A9 56B9 5DAA 02A8 0798 04C3 2D85 A787
PGP Key information: http://www.cert-in.org.in/contact.htm
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.4.1 (Build 620)
Charset: utf-8
wsFVAwUBXvnnl94woHEnXMrPAQi8MA//UHaVQWdALKcxA5C1r+krgdatDLUevL0a geh1pwS5Hg/NWtfiXXx0floEUK4bhdPWWBeqF9Qb/XpA3d/Hpzuq3Kb70RyHcnen aMlsIFLHOozCAInQf4/juaCdUKjKrMdw2G9Zv30aL0AZdyNLwnO0zcOdIYufdcqM zUpbsd0PJ94HCKtnpsaKKldQPzCjf1ZMFeGLfws3DsWiWJ90TBlqRVJoQOSf2Upk
/qqVjRitOhzl0yCuzIMbR4pXaBt7Oj0ogM+gZa+6SvlKpLqbdGVciRoSQms+Wq3P zEvbi1tviuPX1g6vYeWDcQdRgm1lNvd2bLbSUex3vhbSZzmd7s2JPVw42kWn5Tm2
8GtLYU+7mOsoe31rEQ416WMdM6Ikj9zx1RQZqUIEtigCKezZqEdJX8+kAFsaC2Ho
ZGOzH+nvq2FTa/h3UMLk0b9iTLCPhBOi5gR/wmyd6Q2uNHm1c+RoF+KXGTWFDgpI gT/NP6tzBJqoPGVYbhV/9Uh9fL6OSFQQYaj6vf1k9zPN0t1kZoG1ZD1YCn81DVAB
ShgrKiC+l+G1Yn/JbrQSvLF8mH2dC6ArzX2QWMTzulYnnkZiKGIs8SqP01vQc4Mo
GEWKJ6cspeMfPnqWyCrz80NSPoBpNWbiYSdvU/NSx3EyZmSP5epPTMWA326kNjhy
0wxcTuvuD/w=
=7yk4
-----END PGP SIGNATURE-----