CVE-2019-9803

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 66

Description The issue is related to the Upgrade-Insecure-Requests (UIR) specification and Content Security Policy (CSP) in Firefox. When UIR is enabled through CSP, Firefox should upgrade navigation to a same-origin URL to HTTPS. However, in some cases, Firefox incorrectly navigates to an HTTP URL instead of performing the security upgrade, potentially allowing man-in-the-middle attacks on linked resources. This could allow a remote attacker to access and compromise confidential data.

Recommendations For versions prior to 66, update to version 66 or later to resolve the issue. As a temporary workaround, consider disabling the UIR feature through CSP until a patch is available. Restrict access to sensitive data and resources to minimize the risk of exploitation.