Peter Gerber

**Name of the Vulnerable Software and Affected Versions** Firefox for Android versions prior to 102 **Description** The issue is related to the handling of TLS Certificate errors on domains protected by the HSTS header. When such an error occurs, the browser should prevent the user from bypassing the certificate error. However, on Firefox for Android, users were given the option to bypass the error, which could only be done explicitly by the user. This could potentially allow a remote attacker to execute arbitrary code by exploiting the vulnerability in the TLS certificate authentication procedure. **Recommendations** For Firefox for Android versions prior to 102, update to version 102 or later to resolve the issue. As a temporary workaround, consider avoiding domains with TLS certificate errors to minimize the risk of exploitation. Restrict access to sensitive information when using Firefox for Android until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Mozilla Firefox versions prior to 90 **Description** The issue is related to the implementation of the HSTS (HTTP Strict Transport Security) mechanism in Mozilla Firefox, which is associated with access control weaknesses. Exploitation of this issue may allow a remote attacker to bypass protection mechanisms. When network partitioning is enabled, such as through Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain that had specified HSTS, which should not be override-able. However, this issue does not affect network connections, as they are correctly upgraded to HTTPS automatically. **Recommendations** For versions prior to 90, update to version 90 or later to resolve the issue. As a temporary workaround, consider disabling the Enhanced Tracking Protection settings to minimize the risk of exploitation. Restrict access to TLS error pages to prevent users from overriding HSTS errors on domains that specify this security feature.