Information Disclosure Vulnerability in Mozilla Firefox for iOS https://www.cert-in.org.in/ Severity Rating: Medium Software Affected Mozilla Firefox for iOS versions 26.0 and prior Overview A vulnerability has been reported in Mozilla Firefox for iOS that could allow a remote attacker to gain access to sensitive information on the targeted system. Description This vulnerability exists in Mozilla Firefox for iOS due to incorrect usage of the API for ‘WKWebViewConfiguration’ which required the private instance of this object to be deleted when leaving private mode. A remote attacker could exploit this vulnerability by enticing the user to view a specially crafted web page which resulted in non-clearance of IndexedDB when leaving the private browsing mode. Successful exploitation of this vulnerability could allow the attacker to gain access to sensitive information on the targeted system. Solution Update to version 27.0 from Apple App Store. Vendor Information Mozilla https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/ Reference Mozilla https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/ IBM https://exchange.xforce.ibmcloud.com/vulnerabilities/184013 CVE Name CVE-2020-12414 - -- Thanks and Regards, CERT-In " Be clean! Be healthy! " Note: Please do not reply to this e-mail. For further queries contact CERT-In Information Desk. Email: [email protected] Phone : 1800-11-4949 FAX : 1800-11-6969 Web : http://www.cert-in.org.in PGP Finger Print:D1F0 6048 20A9 56B9 5DAA 02A8 0798 04C3 2D85 A787 PGP Key information: http://www.cert-in.org.in/contact.htm Postal address: Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, C.G.O. Complex New Delhi-110 003 -----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.4.1 (Build 620) Charset: utf-8 wsFVAwUBXvnnl94woHEnXMrPAQi8MA//UHaVQWdALKcxA5C1r+krgdatDLUevL0a geh1pwS5Hg/NWtfiXXx0floEUK4bhdPWWBeqF9Qb/XpA3d/Hpzuq3Kb70RyHcnen aMlsIFLHOozCAInQf4/juaCdUKjKrMdw2G9Zv30aL0AZdyNLwnO0zcOdIYufdcqM zUpbsd0PJ94HCKtnpsaKKldQPzCjf1ZMFeGLfws3DsWiWJ90TBlqRVJoQOSf2Upk /qqVjRitOhzl0yCuzIMbR4pXaBt7Oj0ogM+gZa+6SvlKpLqbdGVciRoSQms+Wq3P zEvbi1tviuPX1g6vYeWDcQdRgm1lNvd2bLbSUex3vhbSZzmd7s2JPVw42kWn5Tm2 8GtLYU+7mOsoe31rEQ416WMdM6Ikj9zx1RQZqUIEtigCKezZqEdJX8+kAFsaC2Ho ZGOzH+nvq2FTa/h3UMLk0b9iTLCPhBOi5gR/wmyd6Q2uNHm1c+RoF+KXGTWFDgpI gT/NP6tzBJqoPGVYbhV/9Uh9fL6OSFQQYaj6vf1k9zPN0t1kZoG1ZD1YCn81DVAB ShgrKiC+l+G1Yn/JbrQSvLF8mH2dC6ArzX2QWMTzulYnnkZiKGIs8SqP01vQc4Mo GEWKJ6cspeMfPnqWyCrz80NSPoBpNWbiYSdvU/NSx3EyZmSP5epPTMWA326kNjhy 0wxcTuvuD/w= =7yk4 -----END PGP SIGNATURE-----.