**⇄ Σ = Mᄃ² ⇆** @[email protected] · Aug 29, 2023, 09:11

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Aug 29, 2023, 09:11

⇄ Σ = Mᄃ² ⇆ @[email protected]

Aug 29, 2023, 09:11

VULNERABILITY:
Firefox only stores up to 1024 HSTS entries.
When the limit is reached, Firefox discards entries based on their age and recent visits to the domain in question.

#CoSoSec.

https://seclists.org/fulldisclosure/2023/Aug/31

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Aug 29, 2023, 09:11

**⇄ Σ = Mᄃ² ⇆** @[email protected] · Aug 29, 2023, 09:11

Aug 29, 2023, 09:11

⇄ Σ = Mᄃ² ⇆ @[email protected]

IMPACT:
The HSTS header ensures that once a page has been visited, the browser will attempt to connect to it using HTTPS. The limit means that Firefox effectively does not store any further HSTS headers, as new ones permanently override each other. Sites without HSTS protection are vulnerable to machine-in-the-middle attacks, especially downgrade attacks such as SSL Stripping.

**willc** @[email protected] · Aug 29, 2023, 12:23

**willc** @[email protected] · Aug 29, 2023, 12:23

Aug 29, 2023, 12:23

willc @[email protected]

@ecksmc "Sites without HSTS protection are vulnerable..."
Makes it sound like this isn't necessarily just a Firefox vulnerability, but you'd need someone to be using Firefox to exploit it.