Description
Opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open could in some cases result in the padlock icon showing an HTTPS indicator incorrectly This vulnerability affects Firefox for iOS < 131.2.
References (2)
Core 2
Core References
Issue Tracking, Permissions Required
https://bugzilla.mozilla.org/show_bug.cgi?id=1904885
Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2024-54/
Scores
CVSS v3
9.1
EPSS
0.0038
EPSS Percentile
29.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-1021
Status
published
Products (1)
mozilla/firefox
< 131.2.0
Published
Oct 15, 2024
Tracked Since
Feb 18, 2026