Fwd: [CIVN-2020-0199] Information Disclosure Vulnerability in Mozilla Firefox for iOS

Severity Rating: HIGH

Software Affected

Firefox for iOS versions 25.0 and prior

Overview

A vulnerability has been reported in Firefox for iOS that could allow a

remote attacker to access sensitive information on a targeted system.

Description

This vulnerability exists in Firefox for iOS due to improper token handling

in native-to-JS bridging implementation. A remote attacker could exploit

this vulnerability by creating a specially crafted webpage and then

convince the user to download a file hosted on the webpage.

Successful exploitation of this vulnerability could allow the attacker to

access potentially sensitive information on the targeted system.

Solution

Update to version 26.0 from Apple App Store.

Vendor Information

Mozilla

https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/

References

Mozilla

https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/

CyberSecurityHelp

https://www.cybersecurity-help.cz/vdb/SB2020052916

CVE Name

CVE-2020-12404

About Cert Advisory

We have created this blog to provide latest security advisory from the india cert for the security vulnerability, threats, attacks and patching required to mitigate any kind of cyber attacks.

Fwd: [CIVN-2020-0199] Information Disclosure Vulnerability in Mozilla Firefox for iOS

About Cert Advisory

Related Posts

Popular Posts

Facebook

Blog Archive