Lucene search

Mozilla FoundationMFSA2024-27

HistoryJun 13, 2024 - 12:00 a.m.

Security Vulnerabilities fixed in Firefox for iOS 127 — Mozilla

2024-06-1300:00:00

Mozilla Foundation

www.mozilla.org

mozilla

ios

firefox

security

vulnerabilities

sandbox

location history

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

18.6%

JSON

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address
When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination

Affected configurations

Vulners

Node

mozillafirefox_for_iosRange<127

VendorProductVersionCPE
mozillafirefox_for_ios*cpe:2.3:a:mozilla:firefox_for_ios:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mozilla	firefox_for_ios	*	cpe:2.3:a:mozilla:firefox_for_ios::::::::

References

bugzilla.mozilla.org/show_bug.cgi?id=1878489

bugzilla.mozilla.org/show_bug.cgi?id=1878578

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

18.6%

JSON

Related for MFSA2024-27