CVE-2020-15661

Summary

A rogue webpage could override the injected WKUserScript used by the logins autofill, this exploit could result in leaking a password for the current domain. This vulnerability affects Firefox for iOS < 28.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox for iOSunspecified < 28affected

Weaknesses

  • Login JS user script can be overidden

ADP Enrichment

CVE Program Container

Additional References

References