Mozilla Foundation Security Advisory 2024-27

Security Vulnerabilities fixed in Firefox for iOS 127

Announced
June 13, 2024
Impact
high
Products
Firefox for iOS
Fixed in
  • Firefox for iOS 127

#CVE-2024-38313: Location URL bar could be visually spoofed with a fake toolbar

Reporter
Muneaki Nishimura
Impact
high
Description

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address

References

#CVE-2024-38312: Private tabs could result in residual data related to browsing history in app bundle

Reporter
Adam Berry
Impact
moderate
Description

When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination

References