Home > Vulnerability Database > CVE-2022-34469

Mend.io Vulnerability Database

CVE-2022-34469

Date: December 22, 2022

When a TLS Certificate error occurs on a domain protected by the HSTS header, the browser should not allow the user to bypass the certificate error. On Firefox for Android, the user was presented with the option to bypass the error; this could only have been done by the user explicitly. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102.

Severity Score

8.1

Related Resources (5)

Url: https://security.alpinelinux.org/vuln/CVE-2022-34469

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-34469

Url: https://www.mozilla.org/security/advisories/mfsa2022-24/

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1721220

Url: https://www.mend.io/vulnerability-database/CVE-2022-34469

Severity Score

8.1

Weakness Type (CWE)

Improper Certificate Validation

CWE-295

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-34469

Date: December 22, 2022

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?