CVE-2019-17002 log

Source
Severity Low
Remote Yes
Type Access restriction bypass
Description
An issue has been found in Firefox before 70.0 where, if upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.
Group Package Affected Fixed Severity Status Ticket
AVG-1055 firefox 69.0.3-1 70.0-1 Critical Fixed
Date Advisory Group Package Severity Description
26 Oct 2019 ASA-201910-16 AVG-1055 firefox Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002
https://bugzilla.mozilla.org/show_bug.cgi?id=1561056