30 matches found
CVE-2019-9803
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some...
CVE-2019-9803
CVE-2019-9803 affects Mozilla Firefox prior to 66.0. The Upgrade-Insecure-Requests (UIR) mechanism under CSP can fail to upgrade same-origin navigations to HTTPS, potentially enabling MITM on linked resources. Affected component: Firefox browser (versions
USN-3918-3 firefox regression
USN-3918-1 fixed vulnerabilities in Firefox. The update caused web compatibility issues with some websites. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a...
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-3918-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3918-2 advisory. USN-3918-1 fixed vulnerabilities in Firefox. This update provides the corresponding updates for Ubuntu 14.04 LTS. Tenable has extracted the preceding...
Mozilla Firefox Man-in-the-Middle Attack Vulnerability (CNVD-2019-08537)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 66, which stems from the program failing to properly perform Upgrade-Insecure-Requests on same-origin navigation, and can be exploite...
USN-3918-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, denial of service via successive FTP authorization prompts or modal alerts, trick...
UBUNTU-CVE-2019-9803
The Upgrade-Insecure-Requests (UIR) specification states that if UIR is enabled through Content Security Policy (CSP), navigation to a same-origin URL must be upgraded to HTTPS. Firefox will incorrectly navigate to an HTTP URL rather than perform the security upgrade requested by the CSP in some...
ManageEngine Applications Manager 13 - SQL Injection Vulnerability
Exploit for Windows platform in category web applications. ManageEngine Applications Manager version 13 suffers from multiple post-authentication SQL injection vulnerabilities. Proof of Concept 1: name= parameter is susceptible: POST /manageApplications.do?method=insert HTTP/1.1 Host:...