CVE-2020-6830
HIGH
7.5
Our Analysis: Environment Specific
Our model has classified this vulnerability as relevant to Environment Specific Systems, helping your team prioritize efforts effectively.
Published Date
May 26, 2020
Last Modified
November 21, 2024
CVSS Vector
Not Available
Description
For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25.