Security features bypass in Firefox for Android - CVE-2022-29910

 

Security features bypass in Firefox for Android - CVE-2022-29910

Published: May 3, 2022


Vulnerability identifier: #VU62761
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2022-29910
CWE-ID: CWE-254
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Mozilla
Affected software:
Firefox for Android

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error, related to handling TLS connections. When closed or sent to the background, Firefox for Android does not properly record and persist HSTS settings. A remote attacker can perform MitM attack.


How to mitigate CVE-2022-29910

Install updates from vendor's website.

Sources