CVE-2019-11717 — Improper Encoding or Escaping of Output in Mozilla Firefox
Severity
5.3 MEDIUM (NVD)
EPSS
4.7%
top 10.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 23
Latest update: May 24
Description
A vulnerability exists where the caret ("^") character is improperly escaped when constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Exploitability: 3.9 | Impact: 1.4
Affected Packages: 8 packages
Also affects: Debian Linux 8.0
Vulnerability Details (4)
GHSA
GHSA-vp8c-39q7-pxqc: A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for | 2022-05-24
OSV
CVE-2019-11717: A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for | 2019-07-23
CVEList
CVE-2019-11717: A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for | 2019-07-23