CVE-2024-53975

Summary

Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox for iOSunspecified < 133affected

Weaknesses

  • SSL security padlock icon could be visually spoofed to look secure on an HTTP page

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References