Vinoth Kumar

**Name of the Vulnerable Software and Affected Versions** Firefox for iOS versions prior to 26 **Description** The issue arises from the native-to-JS bridging mechanism in the app, which requires a unique token to prevent non-app code from calling bridging functions. However, this token can potentially leak when used for downloading files, thus compromising the security of the bridging process. **Recommendations** For versions prior to 26, update to version 26 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox for iOS versions prior to 25 **Description** The issue is related to the implementation of window.webkit in the Firefox web browser for iOS, which involves the disclosure of information about the SECURITY TOKEN. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability is due to the unnecessary use of a unique token for JS-to-native bridging, which was leaking the token. **Recommendations** For versions prior to 25, update to version 25 or later to resolve the issue. As a temporary workaround, consider restricting access to the bridging functions to minimize the risk of exploitation.