CVE-2022-34469: 
NixOS vulnerability analysis and mitigation

CVE-2022-34469 is a security vulnerability discovered in Firefox for Android that affects versions prior to 102. The vulnerability allows users to bypass TLS certificate errors on domains protected by HTTP Strict Transport Security (HSTS) headers. The issue was discovered by Peter Gerber and publicly disclosed on June 28, 2022 (Mozilla Advisory).

The vulnerability occurs when a TLS Certificate error is encountered on a domain protected by the HSTS header. According to RFC 6797 Section 12.1 of the HSTS specification, certificate errors should be handled with 'no user recourse', meaning users should not be presented with an option to proceed. However, on Firefox for Android, users were incorrectly presented with an 'Accept the Risk and Continue' button, allowing them to bypass the certificate error. The vulnerability was assigned a moderate severity rating (Mozilla Advisory, Mozilla Bugzilla).

The vulnerability could potentially allow users to bypass important security measures designed to protect against man-in-the-middle attacks and other TLS certificate-related threats on HSTS-protected domains. This bypass could only be triggered by explicit user action, which somewhat mitigates the potential impact (Mozilla Advisory).

The vulnerability was fixed in Firefox 102. Users should upgrade to Firefox 102 or later versions to receive the security fix. The fix involved adding a new error code (BADSTSCERT) to properly handle certificate errors on HSTS-protected domains (Mozilla Advisory).