Lucene search

K
cvelistMozillaCVELIST:CVE-2019-11701
HistoryJul 23, 2019 - 1:21 p.m.

CVE-2019-11701

2019-07-2313:21:25
mozilla
www.cve.org

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.1%

The default webcal: protocol handler will load a web site vulnerable to cross-site scripting (XSS) attacks. This default was left in place as a legacy feature and has now been removed. Note: this issue only affects users with an account on the vulnerable service. Other users are unaffected.. This vulnerability affects Firefox < 67.

CNA Affected

[
  {
    "product": "Firefox",
    "vendor": "Mozilla",
    "versions": [
      {
        "lessThan": "67",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

36.1%