CVE-2020-12414 — Incomplete Cleanup in Mozilla Firefox FOR IOS

CWE-459 — Incomplete Cleanup5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.2%

top 59.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox FOR IOS Mozilla Firefox

Timeline

PublishedJul 9

Latest updateMay 24

Description

IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDmozilla/firefox< 27.0

▶CVEListV5mozilla/firefox_for_iosunspecified — 27

🔴Vulnerability Details

GHSA

GHSA-68g9-f9xv-qr8g: IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requir↗2022-05-24

▶

CVEList

CVE-2020-12414: IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requir↗2020-07-09

▶

📋Vendor Advisories

Debian

CVE-2020-12414: firefox - IndexedDB should be cleared when leaving private browsing mode and it is not, th...↗2020

▶

Mozilla

Mozilla Foundation Security Advisory 2020-23: CVE-2020-12414↗

▶