PT-2024-4477 · Mozilla+1 · Firefox for iOS+1
Adam Berry · Published 2024-06-13 · Updated 2024-10-30
CVE-2024-38312
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Firefox for iOS versions prior to 127
Description
The issue is related to errors in presenting information in the user interface, potentially allowing a remote attacker to conduct a spoofing attack by replacing the URL in the location string. When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination.
Recommendations
For Firefox for iOS versions prior to 127, update to version 127 or later to resolve the issue. As a temporary workaround, consider restricting the use of private tabs until a patch is available. Avoid using the private browsing feature in affected versions to minimize the risk of data persistence.
Fix
Information Disclosure
UI Misrepresentation of Critical Information
Insecure Storage of Sensitive Information
Related Identifiers
Affected Products
Astra Linux
Firefox for iOS