CVE-2019-11747
Summary
| CVE | CVE-2019-11747 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2019-09-27 18:15:00 UTC |
|---|
| Updated | 2019-10-05 06:15:00 UTC |
|---|
| Description | The "Forget about this site" feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site's HSTS setting will be restored. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Security vulnerabilities fixed in Firefox 69 — Mozilla |
CONFIRM |
www.mozilla.org |
Vendor Advisory |
| Security vulnerabilities fixed in Firefox ESR 68.1 — Mozilla |
CONFIRM |
www.mozilla.org |
Vendor Advisory |
| [security-announce] openSUSE-SU-2019:2251-1: important: Security update |
SUSE |
lists.opensuse.org |
|
| Access Denied |
MISC |
bugzilla.mozilla.org |
Issue Tracking, Permissions Required, Vendor Advisory |
| [security-announce] openSUSE-SU-2019:2260-1: important: Security update |
SUSE |
lists.opensuse.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 296071 Oracle Solaris 11.4 Support Repository Update (SRU) 27.82.1 Missing (CPUOCT2020)
