Executive Summary

Informations
NameCVE-2019-11747First vendor Publication2019-09-27
VendorCveLast vendor Modification2019-10-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site's HSTS setting will be restored. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11747

CWE : Common Weakness Enumeration

%idName
100 %CWE-665Improper Initialization

CPE : Common Platform Enumeration

TypeDescriptionCount
Application420
Application124

Sources (Detail)

SourceUrl
CONFIRM https://www.mozilla.org/security/advisories/mfsa2019-25/
https://www.mozilla.org/security/advisories/mfsa2019-26/
MISC https://bugzilla.mozilla.org/show_bug.cgi?id=1564481
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
DateInformations
2019-10-06 21:20:41
  • Multiple Updates
2019-10-05 12:11:01
  • Multiple Updates
2019-10-02 21:19:38
  • Multiple Updates
2019-09-28 12:10:54
  • First insertion