cbcvebase.
CVE-2019-11699
published 2019-07-23

CVE-2019-11699: A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user…

PriorityP426medium6.5CVSS 3.0
AVNACLPRNUIRSUCNIHAN
EPSS
0.85%
53.6th percentile
A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox < 67.

Affected

9 ranges
VendorProductVersion rangeFixed in
debianfirefox< firefox 67.0-2 (sid)firefox 67.0-2 (sid)
mozillafirefox< 67.067.0
mozillafirefox>= 0 < 67.0+build2-0ubuntu0.16.04.167.0+build2-0ubuntu0.16.04.1
mozillafirefox>= 0 < 67.0.2+build2-0ubuntu0.16.04.167.0.2+build2-0ubuntu0.16.04.1
mozillafirefox>= 0 < 67.0.1+build1-0ubuntu0.16.04.167.0.1+build1-0ubuntu0.16.04.1
mozillafirefox>= 0 < 67.0+build2-0ubuntu0.18.04.167.0+build2-0ubuntu0.18.04.1
mozillafirefox>= 0 < 67.0.2+build2-0ubuntu0.18.04.167.0.2+build2-0ubuntu0.18.04.1
mozillafirefox>= 0 < 67.0.1+build1-0ubuntu0.18.04.167.0.1+build1-0ubuntu0.18.04.1
mozillafirefox>= unspecified < 6767

CVSS provenance

nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv9.8CRITICAL
vendor_ubuntu9.8CRITICAL
vendor_debian6.5MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.