Allele Security Alert
ASA-2019-00438
Identifier(s)
ASA-2019-00438, CVE-2019-11717, MFSA2019-21
Title
Caret character improperly escaped in origins
Vendor(s)
Mozilla
Product(s)
Mozilla Firefox
Affected version(s)
Mozilla Firefox version before 68
Fixed version(s)
Mozilla Firefox version 68
Proof of concept
Unknown
Description
A vulnerability exists where the caret (“^”) character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes.
Technical details
Unknown
Credits
Tyson Smith
Reference(s)
Mozilla Foundation Security Advisory 2019-21
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11717
Bug 1548306
https://bugzilla.mozilla.org/show_bug.cgi?id=1548306
CVE-2019-11717
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11717
CVE-2019-11717
https://nvd.nist.gov/vuln/detail/CVE-2019-11717
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: July 17, 2019