CVE-2019-17002

Reference Links

• https://www.mozilla.org/security/advisories/mfsa2019-34/
• https://bugzilla.mozilla.org/show_bug.cgi?id=1561056
• https://launchpad.net/bugs/cve/CVE-2019-17002
• https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/
• https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002
• https://security-tracker.debian.org/tracker/CVE-2019-17002
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17002
• https://nvd.nist.gov/vuln/detail/CVE-2019-17002
• https://ubuntu.com/security/CVE-2019-17002

Parent vulnerabilities

(Appears in the following advisories)

• MFSA2019-34

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2018-6156
• CVE-2019-15903
• CVE-2019-11757
• CVE-2019-25136
• CVE-2020-12412
• CVE-2019-11759
• CVE-2019-11760
• CVE-2019-11761
• CVE-2019-11762
• CVE-2019-11763
• CVE-2019-11765
• CVE-2019-17000
• CVE-2019-17001
• CVE-2019-17002
• CVE-2019-11764

Frequently Asked Questions

• What is CVE-2019-17002?

  CVE-2019-17002 is a vulnerability in Mozilla Firefox versions up to exclusive 70 where if upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.

• Which software versions are affected by CVE-2019-17002?

  Mozilla Firefox versions up to exclusive 70 are affected by CVE-2019-17002.

• What is the severity of CVE-2019-17002?

  CVE-2019-17002 has a low severity with a severity keyword of 'low' and a severity value of 1.

• How can I fix CVE-2019-17002?

  To fix CVE-2019-17002, update your Mozilla Firefox browser to a version higher than 70.

• Where can I find more information about CVE-2019-17002?

  You can find more information about CVE-2019-17002 on the Mozilla Bugzilla page (https://bugzilla.mozilla.org/show_bug.cgi?id=1561056) and the Mozilla security advisory (https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/).