Mozilla Foundation Security Advisory 2024-27

Security Vulnerabilities fixed in Firefox for iOS 127

Announced

June 13, 2024

Impact

high

Products

Firefox for iOS

Fixed in

Firefox for iOS 127

#CVE-2024-38313: Location URL bar could be visually spoofed with a fake toolbar

Reporter: Muneaki Nishimura
Impact: high

Description

In certain scenarios a malicious website could attempt to display a fake location URL bar which could mislead users as to the actual website address

References

Bug 1878489

#CVE-2024-38312: Private tabs could result in residual data related to browsing history in app bundle

Reporter: Adam Berry
Impact: moderate

Description

When browsing private tabs, some data related to location history or webpage thumbnails could be persisted incorrectly within the sandboxed app bundle after app termination

References

Bug 1878578

Firefox for Desktop

Firefox for Android

Firefox for iOS

Firefox Focus

Firefox Blog

Release Notes

Mozilla Monitor

Facebook Container

Pocket

Mozilla VPN

Firefox Relay

MDN Plus

Fakespot

Mozilla Manifesto

Mozilla Foundation

Leadership

Get involved

Careers

Mozilla Blog

Firefox Developer Edition

MDN Web Docs

Mozilla Innovation Projects

Common Voice

Mozilla Foundation Security Advisory 2024-27

Security Vulnerabilities fixed in Firefox for iOS 127

#CVE-2024-38313: Location URL bar could be visually spoofed with a fake toolbar

Description

References

#CVE-2024-38312: Private tabs could result in residual data related to browsing history in app bundle

Description

References