Home > Vulnerability Database > CVE-2019-9803

Mend.io Vulnerability Database

CVE-2019-9803

Date: April 26, 2019

The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some circumstances, allowing for potential man-in-the-middle attacks on the linked resources. This vulnerability affects Firefox < 66.

Language: Unix

Severity Score

7.4

Related Resources (7)

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1437009

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-9803

Url: https://w3c.github.io/webappsec-upgrade-insecure-requests/

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1515863

Url: https://www.mozilla.org/security/advisories/mfsa2019-07/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9803

Url: https://www.mend.io/vulnerability-database/CVE-2019-9803

Severity Score

7.4

Weakness Type (CWE)

Origin Validation Error

CWE-346

CVSS v3.1

Base Score:	7.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	5.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-9803

Date: April 26, 2019

Language: Unix

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?