Mozilla Foundation Security Advisory 2023-51

Security Vulnerabilities fixed in Firefox for iOS 120

Announced: November 21, 2023
Impact: high
Products: Firefox for iOS
Fixed in: Firefox for iOS 120

CVE-2023-49060: Privilege escalation through <a [referrerpolicy]> in ReaderMode

Reporter: Muneaki Nishimura
Impact: high
Description

An attacker could have accessed internal pages or data by exfiltrating a security key from ReaderMode via the referrerpolicy attribute.

CVE-2023-49061: HTML injection in %READER-BYLINE% of ReaderMode

Reporter: Muneaki Nishimura
Impact: moderate
Description

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information.
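
The advisory gives no code for the template or the fix. As an added example (not Mozilla's code), the following contrasts raw substitution into a placeholder such as %READER-BYLINE%, where page-supplied metadata becomes markup, with a single-pass renderer that HTML-escapes every value; it goes beyond the advisory's case by also covering a value that itself contains a placeholder. The template, the %READER-TITLE% placeholder, the function names and the sample metadata are assumptions constructed for illustration.

```javascript
// Added example. Only %READER-BYLINE% appears in the advisory; the template,
// %READER-TITLE% and every function name here are hypothetical.
const TEMPLATE =
  '<h1>%READER-TITLE%</h1><div class="byline">%READER-BYLINE%</div>';

// Constructed sample: metadata as it might be extracted from an untrusted page.
const SAMPLE = {
  'READER-TITLE': 'Weather %READER-BYLINE% report',
  'READER-BYLINE': 'A. Writer <img src="https://example.invalid/p.png">',
};

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the characters that can start a tag, an entity or end an attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Weak form: raw values, one substitution pass per placeholder. Markup in a
// value is emitted as markup, and a placeholder inside an earlier value is
// expanded by a later pass.
function renderUnsafe(template, values) {
  let out = template;
  for (const [name, value] of Object.entries(values)) {
    out = out.split(`%${name}%`).join(value);
  }
  return out;
}

// Hardened form: a single pass over the template text only. Every value is
// HTML-escaped, and substituted text is never rescanned for placeholders.
// Unknown placeholders are left untouched.
function renderSafe(template, values) {
  return template.replace(/%([A-Z-]+)%/g, (match, name) =>
    Object.prototype.hasOwnProperty.call(values, name)
      ? escapeHtml(values[name])
      : match
  );
}
```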
