CVE-2022-45419

Summary

If the user added a security exception for an invalid TLS certificate, opened an ongoing TLS connection with a server that used that certificate, and then deleted the exception, Firefox would have kept the connection alive, making it seem like the certificate was still trusted. This vulnerability affects Firefox < 107.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 107affected

Weaknesses

  • Deleting a security exception did not take effect immediately

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References