CVE-2022-29910 — Open Redirect in Mozilla Firefox

CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 51.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mozilla Firefox Debian Firefox

Timeline

PublishedDec 22

Description

When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings.*Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 100.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5mozilla/firefoxunspecified — 100

▶NVDmozilla/firefox< 100.0

▶debiandebian/firefox

▶mozillamozilla/firefox

🔴Vulnerability Details

GHSA

GHSA-3gq8-8fwh-fc7q: When closed or sent to the background, Firefox for Android would not properly record and persist HSTS settings↗2022-12-22

▶

📋Vendor Advisories

Debian

CVE-2022-29910: firefox - When closed or sent to the background, Firefox for Android would not properly re...↗2022

▶

Mozilla

Mozilla Foundation Security Advisory 2022-16: CVE-2022-29910↗

▶