CVE-2024-53975

5.4 MEDIUM

📋 TL;DR

This vulnerability causes Firefox for iOS (versions below 133) to show the secure-connection (SSL) padlock icon when an HTTP site is loaded on a non-existent port, giving users a false sense of security. It is a UI/UX bug that misrepresents the security of the connection; the connection itself stays unencrypted.

💻 Affected Systems

Products:
  • Firefox for iOS
Versions: All versions below 133
Operating Systems: iOS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Firefox for iOS, not desktop Firefox or other browsers. Requires accessing HTTP sites on non-existent ports.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Users could be tricked into entering sensitive information on unencrypted HTTP sites, believing they are secure because of the misleading padlock icon, potentially leading to credential theft or data interception.

🟠 Likely Case

Users might develop false confidence in HTTP sites, potentially entering non-critical personal information on unencrypted connections that could be intercepted.

🟢 If Mitigated

With proper user education about checking URLs and using HTTPS, the impact is minimal, as the actual connection remains unencrypted regardless of the icon.

🌐 Internet-Facing: LOW
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: NO
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction to visit a specially crafted HTTP URL with a non-existent port. No code execution or privilege escalation is involved.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firefox for iOS 133

Vendor Advisory: https://www.mozilla.org/security/advisories/mfsa2024-66/

Restart Required: No

Instructions:

1. Open the App Store on iOS.
2. Search for Firefox.
3. Tap Update to install version 133 or higher.
4. The update will apply automatically.

🔧 Temporary Workarounds

Use HTTPS-only mode (applies to: all)

Enable HTTPS-only mode in Firefox settings to prevent HTTP connections.

Switch to an alternative browser (applies to: all)

Temporarily use Safari or another browser until Firefox is updated.

🧯 If You Can't Patch

  • Educate users to manually check URLs for 'https://' prefix before entering sensitive information
  • Implement network filtering to block HTTP traffic to non-standard ports

🔍 How to Verify

Check if Vulnerable:

Open Firefox for iOS, go to Settings > About Firefox, check if version is below 133

Check Version:

Not applicable for iOS apps; check in app settings

Verify Fix Applied:

After updating, verify version is 133 or higher in Settings > About Firefox

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTTP traffic to non-standard ports from iOS devices

Network Indicators:

  • HTTP requests to unusual ports (not 80, 8080, etc.)

SIEM Query:

source="firefox_ios_logs" AND url="http://*:*" AND port NOT IN (80, 8080, 443)
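
As an added illustration of the network indicator above (this is not code from the advisory or from Mozilla), the following Python filter scans constructed proxy log lines and flags plain-HTTP requests from Firefox for iOS to ports other than the ordinary HTTP ports, including ports that are not valid at all. The tab-separated log format, the `FxiOS/` user-agent token match, and the allowed-port set are assumptions.

```python
from urllib.parse import urlsplit

# Ports treated as ordinary for http:// URLs; anything else is flagged.
# Assumption: tune this set to your environment.
ORDINARY_HTTP_PORTS = {80, 8080}

# Constructed proxy log lines (not real traffic): client_ip, user_agent, url.
IOS_UA = ("Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) "
          "FxiOS/132.0 Mobile/15E148 Safari/605.1.15")
SAMPLE_LOG = "\n".join([
    f"10.0.0.12\t{IOS_UA}\thttp://example.test:8443/login",   # odd port -> flag
    f"10.0.0.12\t{IOS_UA}\thttp://example.test/",             # default port
    f"10.0.0.13\t{IOS_UA}\thttps://example.test:8443/",       # TLS, not in scope
    "10.0.0.14\tMozilla/5.0 (Windows NT 10.0) Firefox/132.0\thttp://example.test:9999/",
    f"10.0.0.15\t{IOS_UA}\thttp://example.test:70000/",       # invalid port -> flag
])


def parse_line(line):
    """Split one tab-separated log line into (client_ip, user_agent, url)."""
    client_ip, user_agent, url = line.rstrip("\n").split("\t")
    return client_ip, user_agent, url


def is_firefox_ios(user_agent):
    # Assumption: Firefox for iOS identifies itself with an "FxiOS/<ver>" token.
    return "FxiOS/" in user_agent


def flag_http_odd_port(line):
    """Return (client_ip, url, reason) for a suspicious request, else None."""
    client_ip, user_agent, url = parse_line(line)
    parts = urlsplit(url)
    if not is_firefox_ios(user_agent) or parts.scheme.lower() != "http":
        return None
    try:
        port = parts.port  # None when no explicit port is present
    except ValueError:     # e.g. http://host:70000/ -> port out of range
        return client_ip, url, "invalid port"
    if port is None or port in ORDINARY_HTTP_PORTS:
        return None
    return client_ip, url, f"port {port}"


def scan(log_text):
    """Run the filter over every line and return the flagged entries."""
    hits = (flag_http_odd_port(line) for line in log_text.splitlines())
    return [hit for hit in hits if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```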
