### [CVE-2020-6830](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6830)
![](https://img.shields.io/static/v1?label=Product&message=Firefox%20for%20iOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2025%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Native-to-JS%20bridging%20security%20token%20exploit&color=brighgreen)

### Description

For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25.

### POC

#### Reference
- https://bugzilla.mozilla.org/show_bug.cgi?id=1632387

#### Github
No PoCs found on GitHub currently.