#VU62761 Security features bypass in Firefox for Android - CVE-2022-29910

 


Published: May 3, 2022


Vulnerability identifier: #VU62761
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-29910
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Firefox for Android
Software vendor:
Mozilla

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in handling TLS connections. When closed or sent to the background, Firefox for Android does not properly record and persist HSTS settings. As a result, a site's HSTS policy may not be enforced on later visits, and a remote attacker can perform a MitM attack.


Remediation

Install updates from the vendor's website.

External links