Vulnerabilities > CVE-2021-29974 - Unspecified vulnerability in Mozilla Firefox
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: NONE
- Integrity impact: LOW
- Availability impact: NONE
Summary
When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be overridable). This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90.
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1704843
- https://security.gentoo.org/glsa/202202-03
- https://www.mozilla.org/security/advisories/mfsa2021-28/