Mozilla Foundation Security Advisory 2020-19

Security Vulnerabilities fixed in Firefox for iOS 26

Announced

May 30, 2020

Impact

moderate

Products

Firefox for iOS

Fixed in

Firefox for iOS 26

#CVE-2020-12404: Native-to-JS bridging security token exploit

Reporter: Vinoth Kumar
Impact: moderate

Description

For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files.

References

Bug 1631739

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Innovation Projects

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising