Security features bypass in Firefox for Android - CVE-2022-29910
Published: May 3, 2022
Vulnerability identifier: #VU62761
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-29910
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Mozilla
Affected software:
Firefox for Android
Firefox for Android
Detailed vulnerability description
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error, related to handling TLS connections. When closed or sent to the background, Firefox for Android does not properly record and persist HSTS settings. A remote attacker can perform MitM attack.
How to mitigate CVE-2022-29910
Install updates from vendor's website.