The HTTP Alternative Services header, `Alt-Svc`, can be used by a malicious site to scan all TCP ports of any host that the accessible to a user when web content is loaded. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11728
Acknowledgments: Name: the Mozilla project Upstream: Trishita Tiwari, Ari Trachtenberg
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-11728