---

CVE-2019-17002 - log back

CVE-2019-17002 edited at 26 Oct 2019 21:31:55
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Access restriction bypass
Description	+ An issue has been found in Firefox before 70.0 where, if upgrade-insecure-requests was specified in the Content Security Policy, and a link was dragged and dropped from that page, the link was not upgraded to https.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002 + https://bugzilla.mozilla.org/show_bug.cgi?id=1561056
Notes

CVE-2019-17002 created at 26 Oct 2019 17:47:06