Home > Vulnerability Database > CVE-2019-9803

Mend Vulnerability Database

CVE-2019-9803

Good to know:

Date: April 30, 2019

The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources. This vulnerability affects Firefox < 66.

Language: Unix

Severity Score

4.8

Related Resources (5)

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1437009

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-9803

Url: https://w3c.github.io/webappsec-upgrade-insecure-requests/

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1515863

Url: https://www.mozilla.org/security/advisories/mfsa2019-07/

Severity Score

4.8

Weakness Type (CWE)

Origin Validation Error

CWE-346

Top Fix

Upgrade Version

No fix version available

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend Vulnerability Database

We found results for “”

CVE-2019-9803

Good to know:

Date: April 30, 2019

Language: Unix

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?