CVE-2019-11717

CVSS v3.1 5.3 (Medium)

CVSS v2.0 5 (Medium)

EPSS 1.22 % (86^th)

Affected Products 6

Advisories 40

A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Weaknesses

CWE-116: Improper Encoding or Escaping of Output

CVE Status: PUBLISHED
CNA: Mozilla Corporation
Published Date: 2019-07-23 14:15:15
(5 years ago)
Updated Date: 2023-02-28 14:38:39
(18 months ago)

Affected Products

Debian

Debian Linux

Mozilla

Novell

Suse Package Hub For Suse Linux Enterprise

Opensuse

Leap

Configuration #1

	CPE23	Up To
Mozilla Firefox prior 68.0 version	cpe:2.3:a:mozilla:firefox	< 68.0
Mozilla Firefox Esr prior 60.8.0 version	cpe:2.3:a:mozilla:firefox_esr	< 60.8.0
Mozilla Thunderbird prior 60.8.0 version	cpe:2.3:a:mozilla:thunderbird	< 60.8.0

Configuration #2

		CPE23	From	Up To
	Debian Linux 8.0	cpe:2.3:o:debian:debian_linux:8.0

Configuration #3

		CPE23	From	Up To
	Novell Suse Package Hub for Suse Linux Enterprise 12	cpe:2.3:a:novell:suse_package_hub_for_suse_linux_enterprise:12
	Opensuse Leap 15.0	cpe:2.3:o:opensuse:leap:15.0
	Opensuse Leap 15.1	cpe:2.3:o:opensuse:leap:15.1