CVE-2022-34472: 
NixOS vulnerability analysis and mitigation

CVE-2022-34472 is a security vulnerability discovered in Firefox and Firefox ESR browsers that was disclosed on June 28, 2022. The vulnerability affects the browser's handling of PAC (Proxy Auto-Configuration) files and OCSP (Online Certificate Status Protocol) requests. When a PAC URL is configured but the server hosting the PAC file is unreachable, OCSP requests are blocked, resulting in incorrect error pages being displayed (Mozilla Advisory).

The vulnerability stems from a condition where GetIsPACLoading always returns true when the PAC file is not reachable, which blocks OCSP requests from being sent. This affects the browser's ability to verify certificate revocation status, potentially allowing access to sites with revoked certificates. The issue was assigned a moderate severity rating and was fixed by implementing a mechanism to clear the PAC loader when the load fails (Mozilla Bug).

When exploited, this vulnerability prevents OCSP requests from being made when a PAC file is unreachable, which could result in users being able to access websites with revoked SSL certificates. This bypasses an important security mechanism that helps protect users from accessing potentially compromised websites (Mozilla Advisory).

The vulnerability was fixed in Firefox 102, Firefox ESR 91.11, and Firefox ESR 102. The fix involves clearing the PAC loader when the load fails, allowing OCSP requests to proceed normally. Users are advised to upgrade to these or later versions to receive the security fix (Mozilla Advisory, Mozilla Bug).