CVE-2022-34469

EPSS 0.05%
Veröffentlicht 22.12.2022 20:15:31
Zuletzt bearbeitet 15.04.2025 19:16:03
Quelle security@mozilla.org
CVE-Watchlists
Login
Unerledigt
Login

When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox Version < 102.0

Google ≫ Android Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.155

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.mozilla.org/security/advisories/mfsa2022-24/

Vendor Advisory

https://bugzilla.mozilla.org/show_bug.cgi?id=1721220

Vendor Advisory

Issue Tracking

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2022-34469

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-34469

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-34469

EUVD