CVE-2019-17002: Medium severity Mozilla Firefox vulnerability

Q: What is CVE-2019-17002?

CVE-2019-17002 is a vulnerability in Mozilla Firefox versions up to exclusive 70 where if upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.

Q: Which software versions are affected by CVE-2019-17002?

Mozilla Firefox versions up to exclusive 70 are affected by CVE-2019-17002.

Q: What is the severity of CVE-2019-17002?

CVE-2019-17002 has a low severity with a severity keyword of 'low' and a severity value of 1.

Q: How can I fix CVE-2019-17002?

To fix CVE-2019-17002, update your Mozilla Firefox browser to a version higher than 70.

Q: Where can I find more information about CVE-2019-17002?

You can find more information about CVE-2019-17002 on the Mozilla Bugzilla page (https://bugzilla.mozilla.org/show_bug.cgi?id=1561056) and the Mozilla security advisory (https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/).

Published Oct 22, 2019

Updated

If upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.

Affected Software

3 affected componentsFixes available

Mozilla Firefox<70

Mozilla Firefox<70.0

debian/firefox

148.0.2-1

Event History

Oct 22, 2019

CVE Published

12:00 AM

Jan 8, 2020

CVE Published

via MITRE·09:13 PM

Data Sourced

via MITRE·09:13 PM

DescriptionWeakness

Jan 11, 2024

Data Sourced

via Launchpad·11:22 PM

Description

Feb 20, 2026

Data Sourced

via Ubuntu·08:32 PM

RemedyDescriptionSeverityAffected Software

Mar 11, 2026

Data Sourced

via Debian·08:47 PM

DescriptionAffected Software

Parent advisories

This vulnerability appears in the following advisories.

MFSA2019-34

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2019-17002?

CVE-2019-17002 is a vulnerability in Mozilla Firefox versions up to exclusive 70 where if upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.

Which software versions are affected by CVE-2019-17002?

Mozilla Firefox versions up to exclusive 70 are affected by CVE-2019-17002.

What is the severity of CVE-2019-17002?

CVE-2019-17002 has a low severity with a severity keyword of 'low' and a severity value of 1.

How can I fix CVE-2019-17002?

To fix CVE-2019-17002, update your Mozilla Firefox browser to a version higher than 70.

Where can I find more information about CVE-2019-17002?

You can find more information about CVE-2019-17002 on the Mozilla Bugzilla page (https://bugzilla.mozilla.org/show_bug.cgi?id=1561056) and the Mozilla security advisory (https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/).

CVE-2019-17002: Medium severity Mozilla Firefox vulnerability

Affected Software

Event History

Parent advisories

Peer vulnerabilities

Don't miss critical vulnerabilities

Frequently Asked Questions

What is CVE-2019-17002?

Which software versions are affected by CVE-2019-17002?

What is the severity of CVE-2019-17002?

How can I fix CVE-2019-17002?

Where can I find more information about CVE-2019-17002?

Company

Resources

Contact