CVE-2024-10004: Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon…

CVE-2024-10004 [CRITICAL] CVE-2024-10004: firefox - Opening an external link to an HTTP website when Firefox iOS was previously clos... Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2. Scope: local sid: resolved

CVE-2024-10004 [CRITICAL] Mozilla Foundation Security Advisory 2024-54: CVE-2024-10004 Mozilla Foundation Security Advisory 2024-54 CVE: CVE-2024-10004 Product: Firefox for iOS Impact: moderate Fixed in: Firefox for iOS 131.2

CVE-2024-10004 [CRITICAL] CWE-1021 GHSA-wh67-cc45-g7cf: Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2.

CVE-2024-10004 [CRITICAL] CVE-2024-10004: Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2.

Firefox (iOS) shows https padlock while connecton is http Firefox (iOS) shows https padlock while connecton is http Created attachment 9409713 Firefox (iOS) shows https padlock while connecton is http - screenshots.zip Steps to reproduce: 1) In Firefox: open at least one tab with an https connection (example: https://mozilla.org) 2) CLOSE Firefox (don't close the tab(s) beforehand) 3) Open an http link (*) in an email, share an http link from another browser to Firefox, or create a shortcut with an http link on your home screen and tap it (*) Examples: http://http.badssl.com or http://www.example.com Actual results: Firefox starts and opens a new tab showing a padlock WITHOUT strike through, as if the connection is using https (server-authenticated and encrypted). See the screenshots attached to further clarify things. (I noticed this wh