Hawk Mozilla Hawk

Do you want an email whenever new security vulnerabilities are reported in Mozilla Hawk?

By the Year

In 2024 there have been 0 vulnerabilities in Mozilla Hawk . Hawk did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 1 7.50
2021 0 0.00
2020 0 0.00
2019 0 0.00
2018 0 0.00

It may take a day or so for new Hawk vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Mozilla Hawk Security Vulnerabilities

Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response

CVE-2022-29167 7.5 - High - May 05, 2022

Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`.

ReDoS

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Mozilla Hawk or by Mozilla? Click the Watch button to subscribe.

Mozilla
Vendor

Mozilla Hawk
Product

subscribe