4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
36.1%
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can’t call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.
bugzilla.mozilla.org/show_bug.cgi?id=1631739
www.mozilla.org/security/advisories/mfsa2020-19/