CVE-2020-12414
First published: Thu Jun 25 2020(Updated: )
IndexedDB should be cleared when leaving private browsing mode and it is not, the API for WKWebViewConfiguration was being used incorrectly and requires the private instance of this object be deleted when leaving private mode.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <27.0 | |
| All of | ||
| Firefox | =27 | |
| Apple iOS and iPadOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-12414?
CVE-2020-12414 has been rated as a moderate severity vulnerability.
How do I fix CVE-2020-12414?
To fix CVE-2020-12414, update your Firefox browser to a version higher than 27.0.
What impact does CVE-2020-12414 have?
CVE-2020-12414 can lead to sensitive data persisting in IndexedDB after private browsing sessions.
Who is affected by CVE-2020-12414?
CVE-2020-12414 affects Mozilla Firefox version 27 and earlier on iOS devices.
What type of vulnerability is CVE-2020-12414?
CVE-2020-12414 is classified as a data leakage vulnerability related to improper handling of IndexedDB.
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/mozilla-advisory
- vendor/mozilla
- vendor/firefox
- vendor/apple
- vendor/ios
- source/Mozilla
- agent/software-canonical-lookup
- canonical/firefox
- version/firefox/27
- canonical/apple ios and ipados