PT-2022-7521 · Mozilla+4 · Firefox+4

Ronald Crane

Published

2022-10-10

Updated

2025-03-14

CVE-2022-45419

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 107

Description The issue is related to the implementation of the TLS protocol in Firefox, specifically with errors in the certificate authentication procedure. If a user adds a security exception for an invalid TLS certificate, establishes an ongoing TLS connection with a server using that certificate, and then deletes the exception, Firefox would keep the connection alive, making it seem like the certificate was still trusted. This could potentially allow a remote attacker to impact data integrity.

Recommendations For versions prior to 107, update to version 107 or later to resolve the issue. As a temporary workaround, consider avoiding the use of security exceptions for invalid TLS certificates until the issue is resolved. Restrict access to sensitive data when using Firefox versions prior to 107 to minimize the risk of exploitation.

Exploit

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

ALT-PU-2022-3090

ALT-PU-2022-3270

ALT-PU-2023-5754

ALT-PU-2023-6436

ALT-PU-2024-3614

BDU:2024-06947

CVE-2022-45419

OESA-2025-1265

OESA-2025-1268

OPENSUSE-SU-2024:12518-1

OPENSUSE-SU-2024:14572-1

USN-5726-1

Affected Products

Alt Linux

Astra Linux

Firefox

Linuxmint

Ubuntu

PT-2022-7521 · Mozilla+4 · Firefox+4

CVE-2022-45419

Weakness Enumeration

Related Identifiers

Affected Products

References · 2093