CVE-2019-17002

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 70

Description The issue is related to a security policy vulnerability in the Firefox web browser, which is connected to an insufficient input validation mechanism. This could allow a remote attacker to impact data integrity due to the use of the HTTP protocol. Additionally, if the upgrade-insecure-requests directive was specified in the Content Security Policy and a link was dragged and dropped from that page, the link was not upgraded to HTTPS.

Recommendations For Firefox versions prior to 70, update to version 70 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the HTTP protocol for sensitive data until the update is applied. Restrict access to unsecured links to minimize the risk of exploitation.