Published: 26/04/2019 Updated: 30/04/2019

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox prior to 66.0 will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox

Several security issues were fixed in Firefox ...

USN-3918-1 caused a regression in Firefox ...

Several security issues were fixed in Firefox ...

USN-3918-1 caused a regression in Firefox ...

Mozilla Foundation Security Advisory 2019-07 Security vulnerabilities fixed in Firefox 66 Announced March 19, 2019 Impact critical Products Firefox Fixed in Firefox 66 ...

The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS Firefox before 660 will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man ...

CWE-346 https://www.mozilla.org/security/advisories/mfsa2019-07/https://w3c.github.io/webappsec-upgrade-insecure-requests/https://bugzilla.mozilla.org/show_bug.cgi?id=1515863 https://bugzilla.mozilla.org/show_bug.cgi?id=1437009 https://nvd.nist.gov https://usn.ubuntu.com/3918-1/https://security.archlinux.org/CVE-2019-9803

CVE-2019-9803

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect