CVE-2019-17002

CVSS v3.1 4.3 (Medium)

CVSS v2.0 4.3 (Medium)

EPSS 0.11 % (45^th)

Affected Products 1

Advisories 4

If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https. This vulnerability affects Firefox < 70.

Weaknesses

CWE-NVD-noinfo

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2020-01-08 22:15:11
(4 years ago)
Updated Date: 2021-07-21 11:39:23
(3 years ago)

Affected Products

Mozilla

Firefox

Configuration #1

		CPE23	From	Up To
	Mozilla Firefox prior 70.0 version	cpe:2.3:a:mozilla:firefox		< 70.0