Related Vulnerabilities: CVE-2021-29974  

Severity: Medium

Remote: Yes

Type: Insufficient validation

Description

When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain that had specified HTTP Strict Transport Security (which implies that the error should not be overridable). This issue did not affect the network connections, which were correctly upgraded to HTTPS automatically.

Group: AVG-2148, Package: firefox, Affected: 89.0.2-1, Fixed: 90.0-1, Severity: High, Status: Testing

https://www.mozilla.org/security/advisories/mfsa2021-28/
https://bugzilla.mozilla.org/show_bug.cgi?id=1704843