CVE-2020-12414

MEDIUM

Firefox for iOS < 27 - Info Disclosure

Title source: llm

Description

IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode. This vulnerability affects Firefox for iOS < 27.

References (2)

[Vendor Advisory] https://www.mozilla.org/security/advisories/mfsa2020-23/

[Issue Tracking, Permissions Required, Vendor Advisory] https://bugzilla.mozilla.org/show_bug.cgi?id=1646756

Scores

CVSS v3 6.5

EPSS 0.0019

EPSS Percentile 40.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-459

Status published

Products (1)

mozilla/firefox < 27.0

Published Jul 09, 2020

Tracked Since Feb 18, 2026