CVE-2021-29974
CVSS v3.1
4.3 (Medium)
CVSS v2.0
2.6 (Low)
EPSS
0.10 % (42th)
Affected Products
1
Advisories
5
When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90.
Weaknesses
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2021-08-05 20:15:08
(3 years ago) - Updated Date
-
2022-03-16 14:43:50
(2 years ago)
Affected Products
Loading...
Loading...
Configuration #1
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...