PT-2019-3444 · Mozilla+5 · Firefox Esr+7

Tyson Smith

·

Publicado

2019-07-10

·

Atualizado

2024-12-12

·

CVE-2019-11717

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions Firefox ESR versions 60.7 and earlier Firefox versions prior to 68 Thunderbird versions 60.7 and earlier
Description A vulnerability exists due to improper escaping of the caret (^) character when constructing some URIs, as it is used as a separator. This allows for possible spoofing of origin attributes. The issue is related to errors in escaping the caret symbol, which can be exploited by a remote attacker to compromise data integrity.
Recommendations For Firefox ESR versions 60.7 and earlier, update to version 60.8 or later. For Firefox versions prior to 68, update to version 68 or later. For Thunderbird versions 60.7 and earlier, update to version 60.8 or later.

Exploit

Correção

RCE

Improper Encoding or Escaping of Output

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-116

Identificadores relacionados

ALT-PU-2019-2231
ALT-PU-2019-2233
ALT-PU-2019-2249
ALT-PU-2019-2259
ALT-PU-2019-2301
ALT-PU-2019-2324
ALT-PU-2019-2479
ALT-PU-2019-2486
ALT-PU-2020-1166
ALT-PU-2020-1515
BDU:2019-03615
CESA-2019_1763
CESA-2019_1764
CESA-2019_1765
CESA-2019_1775
CESA-2019_1777
CESA-2019_1799
CVE-2019-11717
DLA-1869-1
DLA-1870-1
DSA-4479-1
DSA-4482-1
MGASA-2019-0211
MGASA-2019-0212
MGASA-2019-0213
MGASA-2019-0272
OPENSUSE-SU-2019:1782-1
OPENSUSE-SU-2019:1811-1
OPENSUSE-SU-2019:1813-1
OPENSUSE-SU-2019:1990-1
OPENSUSE-SU-2019:2248-1
OPENSUSE-SU-2019:2249-1
OPENSUSE-SU-2019_1782-1
OPENSUSE-SU-2019_1811-1
OPENSUSE-SU-2019_1813-1
OPENSUSE-SU-2019_2248-1
OPENSUSE-SU-2019_2249-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2019:1763
RHSA-2019:1764
RHSA-2019:1765
RHSA-2019:1775
RHSA-2019:1777
RHSA-2019:1799
RHSA-2019_1763
RHSA-2019_1764
RHSA-2019_1765
RHSA-2019_1775
RHSA-2019_1777
RHSA-2019_1799
SUSE-SU-2019:14124-1
SUSE-SU-2019:14246-1
SUSE-SU-2019:1861-1
SUSE-SU-2019:1861-2
SUSE-SU-2019:1861-3
SUSE-SU-2019:1869-1
SUSE-SU-2019:1960-1
SUSE-SU-2019:2515-1
SUSE-SU-2019:2620-1
SUSE-SU-2019_14124-1
SUSE-SU-2019_14246-1
USN-4054-1
USN-4054-2
USN-4064-1

Produtos afetados

Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu