Software Affected
Mozilla Firefox for iOS versions 26.0 and prior
Overview
A vulnerability has been reported in Mozilla Firefox for iOS that could
allow a remote attacker to gain access to sensitive information on the
targeted system.
Description
This vulnerability exists in Mozilla Firefox for iOS due to incorrect usage
of the 'WKWebViewConfiguration' API, which required the private instance of
this object to be deleted when leaving private mode. A remote attacker could
exploit this vulnerability by enticing the user to view a specially crafted
web page, resulting in IndexedDB not being cleared when leaving private
browsing mode.
Successful exploitation of this vulnerability could allow the attacker to
gain access to sensitive information on the targeted system.
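The lifecycle the description refers to, as an added Swift example (not Mozilla's code and not part of the original advisory): the private 'WKWebViewConfiguration' instance is dropped when private mode ends, so site storage such as IndexedDB does not carry over. The class and method names are hypothetical, and backing the private configuration with a non-persistent data store is an assumption of this sketch.

```swift
import WebKit

/// Hypothetical holder for browsing configurations (names are illustrative).
final class BrowsingConfigurations {
    /// Configuration for normal tabs, backed by the persistent default store.
    let normal: WKWebViewConfiguration = {
        let config = WKWebViewConfiguration()
        config.websiteDataStore = .default()
        return config
    }()

    /// Private configuration; nil whenever private mode is not active.
    private(set) var privateConfig: WKWebViewConfiguration?

    /// Returns the configuration for private tabs, creating it on first use.
    /// Assumption: private tabs use an in-memory (non-persistent) data store.
    func enterPrivateMode() -> WKWebViewConfiguration {
        if let existing = privateConfig { return existing }
        let config = WKWebViewConfiguration()
        config.websiteDataStore = .nonPersistent()
        privateConfig = config
        return config
    }

    /// Tears down private mode. Call on the main thread.
    /// The caller passes every private web view so none keeps the old
    /// configuration (and its IndexedDB data) alive.
    func leavePrivateMode(closing privateWebViews: [WKWebView],
                          completion: @escaping () -> Void) {
        guard let config = privateConfig else { completion(); return }
        for webView in privateWebViews {
            webView.stopLoading()
            webView.removeFromSuperview()
        }
        let store = config.websiteDataStore
        // Delete the private instance: the next private session gets a new
        // configuration and a new, empty data store.
        privateConfig = nil
        // Defensive purge of everything the private store holds, including
        // WKWebsiteDataTypeIndexedDBDatabases.
        store.removeData(ofTypes: WKWebsiteDataStore.allWebsiteDataTypes(),
                         modifiedSince: .distantPast) {
            _ = store   // keep the store alive until the purge completes
            completion()
        }
    }
}
```

The caller must also release its own references to the closed web views; a web view that stays alive keeps its configuration and data store alive with it.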
Solution
Update to version 27.0 from the Apple App Store.
Vendor Information
Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/
Reference
Mozilla
https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/
IBM
https://exchange.xforce.ibmcloud.com/vulnerabilities/184013
CVE Name
CVE-2020-12414
About Cert Advisory
We have created this blog to provide the latest security advisories from the India CERT on security vulnerabilities, threats, attacks and the patching required to mitigate cyber attacks.