CVE-2021-29974

Summary

When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 90affected

Weaknesses

  • HSTS errors could be overridden when network partitioning was enabled

ADP Enrichment

CVE Program Container

Additional References

References