PT-2022-2466 · Mozilla+1 · Firefox For Android+1

Mark B

Published

2022-05-03

Updated

2024-12-12

CVE-2022-29910

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox for Android versions prior to 100

Description The issue is related to errors in saving HSTS settings in Firefox for Android. When the browser is closed or sent to the background, it would not properly record and persist these settings. This could potentially allow a remote attacker to impact data integrity. The issue only affects Firefox for Android, with other operating systems being unaffected.

Recommendations For Firefox for Android versions prior to 100, update to version 100 or later to resolve the issue. As a temporary workaround, consider avoiding closing or sending the browser to the background to minimize the risk of HSTS setting loss.

Exploit

Fix

Open Redirect

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17CWE-601

Related Identifiers

ALT-PU-2022-1812

ALT-PU-2022-2930

ALT-PU-2023-1139

ALT-PU-2023-4336

ALT-PU-2023-4339

BDU:2022-02872

CVE-2022-29910

OPENSUSE-SU-2024:12044-1

OPENSUSE-SU-2024:14572-1

Affected Products

Alt Linux

Firefox For Android

PT-2022-2466 · Mozilla+1 · Firefox For Android+1

CVE-2022-29910

Weakness Enumeration

Related Identifiers

Affected Products

References · 1869