Mozilla Foundation Security Advisory 2024-66
Security Vulnerabilities fixed in Firefox for iOS 133
- Announced
- November 26, 2024
- Impact
- moderate
- Products
- Firefox for iOS
- Fixed in
- 
        - Firefox for iOS 133
 
#CVE-2024-53975: SSL security padlock icon could be visually spoofed to look secure on an HTTP page
- Reporter
- James Lee
- Impact
- moderate
Description
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure.
References
#CVE-2024-53976: Missing address from location URL bar
- Reporter
- Bharat Adhikari
- Impact
- moderate
Description
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage.