Mozilla Foundation Security Advisory 2020-19
Security Vulnerabilities fixed in Firefox for iOS 26
- Announced
- May 30, 2020
- Impact
- moderate
- Products
- Firefox for iOS
- Fixed in
-
- Firefox for iOS 26
#CVE-2020-12404: Native-to-JS bridging security token exploit
- Reporter
- Vinoth Kumar
- Impact
- moderate
Description
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files.