CVE-2024-10004

Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 131.2 Firefox iOS (affected versions not specified, but versions under 131.2 are known to be affected)

Description: The issue is related to the incorrect display of HTTPS indicators in the Firefox browser for iOS. When opening an external link to an HTTP website after the browser was previously closed with an HTTPS tab open, the padlock icon may incorrectly show an HTTPS indicator. This could allow a remote attacker to conduct spoofing attacks.

Recommendations: For Firefox for iOS versions prior to 131.2, update to version 131.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of external links to HTTP websites when an HTTPS tab is open in the background until a patch is available. Restrict access to untrusted websites to minimize the risk of exploitation.