CVE-2024-10004: 
NixOS vulnerability analysis and mitigation

CVE-2024-10004 is a security vulnerability affecting Firefox for iOS versions prior to 131.2. The vulnerability was discovered by Erik van Straten and was disclosed on October 15, 2024. The issue occurs when opening an external link to an HTTP website when Firefox iOS was previously closed and had an HTTPS tab open (Mozilla Advisory).

The vulnerability manifests as a user interface issue where the padlock icon incorrectly displays an HTTPS indicator for HTTP websites under specific conditions. This occurs when a user opens an external link to an HTTP website after the browser was previously closed with an HTTPS tab open. The vulnerability has been assigned a moderate impact rating by Mozilla (Mozilla Advisory).

The primary impact of this vulnerability is the potential for users to be misled about the security status of websites they are visiting. When exploited, the vulnerability causes the browser to incorrectly display the HTTPS padlock icon for HTTP websites, which could give users a false sense of security about the encryption status of their connection (Mozilla Advisory).

Mozilla has addressed this vulnerability in Firefox for iOS version 131.2. Users are advised to update their Firefox iOS application to this version or later to receive the fix (Mozilla Advisory).