First published: Tue Oct 22 2019
If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.
Credit: security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox | <70 | 70 |
Mozilla Firefox | <70.0 | |
debian/firefox | 133.0.3-1 |
CVE-2019-17002 is a vulnerability in Mozilla Firefox versions before 70: if upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.
Mozilla Firefox versions before 70 are affected by CVE-2019-17002.
CVE-2019-17002 is rated low severity, with a severity keyword of 'low' and a severity value of 1.
To fix CVE-2019-17002, update your Mozilla Firefox browser to a version higher than 70.
You can find more information about CVE-2019-17002 on the Mozilla Bugzilla page (https://bugzilla.mozilla.org/show_bug.cgi?id=1561056) and the Mozilla security advisory (https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/).