CVE-2019-11717

Summary

A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 60.8affected
MozillaFirefoxunspecified < 68affected
MozillaThunderbirdunspecified < 60.8affected

Weaknesses

  • Caret character improperly escaped in origins

ADP Enrichment

CVE Program Container

Additional References

References