| Vulnerability Name: | CVE-2021-29974 (CCN-205299) | ||||||||||||
| Assigned: | 2021-07-13 | ||||||||||||
| Published: | 2021-07-13 | ||||||||||||
| Updated: | 2022-03-16 | ||||||||||||
| Summary: | When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90. | ||||||||||||
| CVSS v3 Severity: | 4.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) 3.8 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
| ||||||||||||
| Vulnerability Type: | CWE-noinfo | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2021-29974 Source: MISC Type: Issue Tracking, Vendor Advisory https://bugzilla.mozilla.org/show_bug.cgi?id=1704843 Source: XF Type: UNKNOWN firefox-cve202129974-sec-bypass(205299) Source: GENTOO Type: Third Party Advisory GLSA-202202-03 Source: CCN Type: Mozilla Foundation Security Advisory 2021-28 Security Vulnerabilities fixed in Firefox 90 Source: MISC Type: Vendor Advisory https://www.mozilla.org/security/advisories/mfsa2021-28/ | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||