CVE-2022-34469
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102.
Cuando se produce un error de certificado TLS en un dominio protegido por el encabezado HSTS, el navegador no debe permitir que el usuario omita el error de certificado. En Firefox para Android, al usuario se le presentó la opción de evitar el error; esto sólo podría haberlo hecho explícitamente el usuario. <br>*Este error sólo afecta a Firefox para Android. Otros sistemas operativos no se ven afectados.*. Esta vulnerabilidad afecta a Firefox < 102.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-06-24 CVE Reserved
- 2022-12-22 CVE Published
- 2024-07-14 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.mozilla.org/security/advisories/mfsa2022-24 | 2023-01-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mozilla Search vendor "Mozilla" | Firefox Search vendor "Mozilla" for product "Firefox" | < 102.0 Search vendor "Mozilla" for product "Firefox" and version " < 102.0" | - |
Affected
| in | Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | - | - |
Safe
|