From c106fa327d8519601fe14e6f75bacb2a2c81bb85 Mon Sep 17 00:00:00 2001
From: Daniela Arcese <darcese@mozilla.com>
Date: Fri, 1 May 2020 14:56:52 -0400
Subject: [PATCH] Advisories for iOS Release 25 (#4)

* Advisories for iOS Release 25

* Address nits

* Add announced date
---
 announce/2020/mfsa2020-15.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 announce/2020/mfsa2020-15.yml

diff --git a/announce/2020/mfsa2020-15.yml b/announce/2020/mfsa2020-15.yml
new file mode 100644
index 0000000..f6318ad
--- /dev/null
+++ b/announce/2020/mfsa2020-15.yml
@@ -0,0 +1,15 @@
+## mfsa2020-15.yml
+announced: May 1, 2020
+impact: moderate
+fixed_in:
+- Firefox for iOS 25
+title: Security Vulnerabilities fixed in Firefox for iOS 25
+advisories:
+  CVE-2020-6830:
+    title: Native-to-JS bridging security token exploit
+    impact: moderate
+    reporter: Vinoth Kumar
+    description: |
+      For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token.
+    bugs:
+      - url: 1632387