CVE-2022-34469
First published: Tue Jun 28 2022(Updated: )
When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. This bug only affects Firefox for Android. Other operating systems are unaffected.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Firefox | <102 | 102 |
| Firefox | <102.0 | |
| Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the severity of CVE-2022-34469?
CVE-2022-34469 is classified as a moderate severity vulnerability.
How do I fix CVE-2022-34469?
To fix CVE-2022-34469, update your Mozilla Firefox to version 102 or later.
What platforms are affected by CVE-2022-34469?
CVE-2022-34469 affects Firefox versions prior to 102 on Android devices.
What does CVE-2022-34469 exploit?
CVE-2022-34469 exploits the ability of users to bypass TLS Certificate errors on HSTS-protected domains.
Who is the vendor of the software impacted by CVE-2022-34469?
The vendor of the software impacted by CVE-2022-34469 is Mozilla.
- agent/type
- agent/first-publish-date
- agent/author
- agent/description
- agent/severity
- agent/references
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/mozilla
- canonical/firefox
- vendor/google
- canonical/android