Mozilla Foundation Security Advisory 2020-15

Security Vulnerabilities fixed in Firefox for iOS 25

Announced

May 1, 2020

Impact

moderate

Products

Firefox for iOS

Fixed in

Firefox for iOS 25

#CVE-2020-6830: Native-to-JS bridging security token exploit

Reporter: Vinoth Kumar
Impact: moderate

Description

For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token.

References

Bug 1632387

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Innovation Projects

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising