PT-2020-13107 · Mozilla · Firefox

Konark Modi

Published

2020-07-09

Updated

2020-07-13

CVE-2020-12414

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 27

Description The issue arises from the incorrect use of the API for WKWebViewConfiguration in private browsing mode, leading to IndexedDB not being cleared when the mode is exited. This requires the private instance of the WKWebViewConfiguration object to be deleted upon leaving private mode.

Recommendations For versions prior to 27, update to version 27 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-459

Related Identifiers

CVE-2020-12414

Affected Products

Firefox

PT-2020-13107 · Mozilla · Firefox

CVE-2020-12414

Weakness Enumeration

Related Identifiers

Affected Products

References · 4