CVE-2024-38312Insecure Storage of Sensitive Information in Mozilla Firefox FOR IOS

CWE-922Insecure Storage of Sensitive Information5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 40.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla Firefox FOR IOSMozilla Firefox
Timeline
PublishedJun 13

Description

When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination This vulnerability affects Firefox for iOS < 127.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDmozilla/firefox< 127.0
CVEListV5mozilla/firefox_for_iosunspecified127

🔴Vulnerability Details

2
GHSA
GHSA-ffh4-92gv-qvv5: When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle2024-06-13
CVEList
CVE-2024-38312: When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle2024-06-13

📋Vendor Advisories

2
Debian
CVE-2024-38312: firefox - When browsing private tabs, some data related to location history or webpage thu...2024
Mozilla
Mozilla Foundation Security Advisory 2024-27: CVE-2024-38312
CVE-2024-38312 — Mozilla Firefox FOR IOS vulnerability | cvebase