iOS Mozilla Firefox Vulnerability

  • CERT Admin
  • Wed May 06 2020
  • Alerts

Systems Affected

Firefox 8.0, 9.0, 10.0, 11.0, 12.0, 13.0, 14.0, 15.0, 16.0, 17.0, 18.0, 19.0, 20.0, 21.0, 22.0, 23.0, 24.0 Versions 

Threat Level 

High 

Overview 

An attacker could steal sensitive information from your iOS devices.

Description 

The vulnerability exists in Firefox due to the improper usage of token handling for native-to-JS bridging. An attacker could exploit a user just by sending a maliciously crafted executable application to open. 

Impact 

  ✻  Exposure of your sensitive information
  ✻  Financial loss 

Solution/ Workarounds 

  ✻  Apply the appropriate fix recommended by the Mozilla security advisory
  https://www.mozilla.org/en-US/security/advisories/mfsa2020-15/  

References 

  ✻  https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2020-0132
  ✻  https://www.mozilla.org/en-US/security/advisories/mfsa2020-15/ 

Disclaimer 

The information provided herein is on "as is" basis, without warranty of any kind. 

Last updated: Wed May 06 2020