[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-11717":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":36,"aliases":46,"duplicate_of":9,"upstream":47,"downstream":48,"duplicates":121,"related":122,"reserved_at":9,"published_at":145,"modified_at":146,"state":147,"summary":148,"references_raw":156,"kevs":218,"epss":219,"epss_history":222,"metrics":479,"affected":489},"CVE-2019-11717","A vulnerability exists where the caret (\"^\") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulnerability affects Firefox ESR \u003C 60.8, Firefox \u003C 68, and Thunderbird \u003C 60.8.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-116","Improper Encoding or Escaping of Output","The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.","weakness","Draft","Class","High",[20,24,28,32],{"id":21,"name":22,"techniques":23},"CAPEC-104","Cross Zone Scripting",[],{"id":25,"name":26,"techniques":27},"CAPEC-73","User-Controlled Filename",[],{"id":29,"name":30,"techniques":31},"CAPEC-81","Web Server Logs Tampering",[],{"id":33,"name":34,"techniques":35},"CAPEC-85","AJAX Footprinting",[],[37],{"_key":38,"name":39,"source":40,"url":41,"maturity":42,"reliability_score":43,"verified":44,"type":9,"platforms":45,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_7EB52ABD9546F4ED","Exploit Reference (bugzilla.mozilla.org)","reference","https://bugzilla.mozilla.org/show_bug.cgi?id=1548306","unknown",0.2,false,[],[],[],[49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119],{"_key":50},"RHSA-2019:1763",{"_key":52},"RHSA-2019:1764",{"_key":54},"RHSA-2019:1765",{"_key":56},"RHSA-2019:1775",{"_key":58},"RHSA-2019:1777",{"_key":60},"RHSA-2019:1799",{"_key":62},"OPENSUSE-SU-2024:10601-1",{"_key":64},"SUSE-SU-2019:14124-1",{"_key":66},"SUSE-SU-2019:14246-1",{"_key":68},"SUSE-SU-2019:1861-1",{"_key":70},"SUSE-SU-2019:1861-2",{"_key":72},"SUSE-SU-2019:1861-3",{"_key":74},"SUSE-SU-2019:1869-1",{"_key":76},"SUSE-SU-2019:1960-1",{"_key":78},"SUSE-SU-2019:2515-1",{"_key":80},"SUSE-SU-2019:2620-1",{"_key":82},"OPENSUSE-SU-2019:1990-1",{"_key":84},"OPENSUSE-SU-2019:1782-1",{"_key":86},"OPENSUSE-SU-2019:1811-1",{"_key":88},"OPENSUSE-SU-2019:1813-1",{"_key":90},"OPENSUSE-SU-2019:2248-1",{"_key":92},"OPENSUSE-SU-2019:2249-1",{"_key":94},"OPENSUSE-SU-2024:10600-1",{"_key":96},"OPENSUSE-SU-2024:14572-1",{"_key":98},"DLA-1869-1",{"_key":100},"DLA-1870-1",{"_key":102},"DSA-4479-1",{"_key":104},"DSA-4482-1",{"_key":106},"MGASA-2019-0211",{"_key":108},"MGASA-2019-0212",{"_key":110},"MGASA-2019-0213",{"_key":112},"MGASA-2019-0272",{"_key":114},"UBUNTU-CVE-2019-11717",{"_key":116},"USN-4054-1",{"_key":118},"USN-4064-1",{"_key":120},"DEBIAN-CVE-2019-11717",[],[123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144],{"_key":62},{"_key":108},{"_key":64},{"_key":66},{"_key":68},{"_key":70},{"_key":72},{"_key":74},{"_key":76},{"_key":78},{"_key":80},{"_key":82},{"_key":84},{"_key":86},{"_key":88},{"_key":90},{"_key":92},{"_key":94},{"_key":96},{"_key":106},{"_key":110},{"_key":112},"2019-07-23T13:18:07.000Z","2024-08-04T23:03:32.386Z","Modified",{"cisa_kev":44,"cisa_ransomware":44,"cisa_vendor":9,"epss_severity":149,"epss_score":150,"severity":151,"severity_score":152,"severity_version":153,"severity_source":154,"severity_vector":155,"severity_status":147},"low",0.0319,"medium",5.3,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",[157,164,168,172,177,183,187,193,197,202,206,210,214],{"url":158,"sources":159,"tags":161},"https://www.mozilla.org/security/advisories/mfsa2019-21/",[160,154],"cve.org",[162,163],"X Refsource MISC","Vendor Advisory",{"url":165,"sources":166,"tags":167},"https://www.mozilla.org/security/advisories/mfsa2019-22/",[160,154],[162,163],{"url":169,"sources":170,"tags":171},"https://www.mozilla.org/security/advisories/mfsa2019-23/",[160,154],[162,163],{"url":41,"sources":173,"tags":174},[160,154],[162,175,176,163],"Exploit","Issue Tracking",{"url":178,"sources":179,"tags":180},"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html",[160,154],[163,181,182],"X Refsource SUSE","Third Party Advisory",{"url":184,"sources":185,"tags":186},"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html",[160,154],[163,181,182],{"url":188,"sources":189,"tags":190},"https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html",[160,154],[191,192,182],"Mailing List","X Refsource MLIST",{"url":194,"sources":195,"tags":196},"https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html",[160,154],[191,192,182],{"url":198,"sources":199,"tags":200},"https://security.gentoo.org/glsa/201908-12",[160,154],[163,201,182],"X Refsource GENTOO",{"url":203,"sources":204,"tags":205},"https://security.gentoo.org/glsa/201908-20",[160,154],[163,201,182],{"url":207,"sources":208,"tags":209},"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html",[160,154],[163,181,182],{"url":211,"sources":212,"tags":213},"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html",[160,154],[163,181,182],{"url":215,"sources":216,"tags":217},"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html",[160,154],[163,181,182],[],{"date":220,"score":150,"percentile":221},"2026-06-04",0.87216,[223,227,230,233,236,239,242,244,247,250,253,256,259,261,263,267,269,272,275,278,281,284,286,288,290,293,296,299,302,305,308,311,314,316,320,322,325,328,331,334,337,340,343,346,349,352,355,357,360,363,366,369,372,375,378,381,384,387,390,393,396,399,401,403,406,409,412,415,418,421,423,426,429,432,435,438,440,443,445,448,451,454,457,460,463,465,468,471,473,476],{"date":224,"score":225,"percentile":226},"2025-11-04",0.0375,0.87515,{"date":228,"score":225,"percentile":229},"2025-11-05",0.87516,{"date":231,"score":225,"percentile":232},"2025-11-06",0.87512,{"date":234,"score":225,"percentile":235},"2025-11-07",0.8752,{"date":237,"score":225,"percentile":238},"2025-11-08",0.87522,{"date":240,"score":225,"percentile":241},"2025-11-09",0.87517,{"date":243,"score":225,"percentile":229},"2025-11-10",{"date":245,"score":225,"percentile":246},"2025-11-11",0.87521,{"date":248,"score":225,"percentile":249},"2025-11-12",0.87527,{"date":251,"score":225,"percentile":252},"2025-11-13",0.87532,{"date":254,"score":225,"percentile":255},"2025-11-14",0.87535,{"date":257,"score":225,"percentile":258},"2025-11-15",0.8753,{"date":260,"score":225,"percentile":255},"2025-11-16",{"date":262,"score":225,"percentile":252},"2025-11-17",{"date":264,"score":265,"percentile":266},"2025-11-18",0.01881,0.81686,{"date":268,"score":265,"percentile":266},"2025-11-19",{"date":270,"score":265,"percentile":271},"2025-11-20",0.81691,{"date":273,"score":225,"percentile":274},"2025-11-21",0.87545,{"date":276,"score":225,"percentile":277},"2025-11-22",0.87541,{"date":279,"score":225,"percentile":280},"2025-11-23",0.87537,{"date":282,"score":225,"percentile":283},"2025-11-24",0.87538,{"date":285,"score":225,"percentile":283},"2025-11-25",{"date":287,"score":225,"percentile":280},"2025-11-26",{"date":289,"score":225,"percentile":283},"2025-11-27",{"date":291,"score":225,"percentile":292},"2025-11-28",0.87525,{"date":294,"score":225,"percentile":295},"2025-11-29",0.87598,{"date":297,"score":225,"percentile":298},"2025-11-30",0.87599,{"date":300,"score":225,"percentile":301},"2025-12-01",0.87664,{"date":303,"score":225,"percentile":304},"2025-12-02",0.87666,{"date":306,"score":225,"percentile":307},"2025-12-03",0.87665,{"date":309,"score":225,"percentile":310},"2025-12-04",0.87597,{"date":312,"score":225,"percentile":313},"2025-12-05",0.87601,{"date":315,"score":225,"percentile":295},"2025-12-06",{"date":317,"score":318,"percentile":319},"2025-12-07",0.05007,0.89292,{"date":321,"score":318,"percentile":319},"2025-12-08",{"date":323,"score":318,"percentile":324},"2025-12-09",0.893,{"date":326,"score":318,"percentile":327},"2025-12-10",0.89316,{"date":329,"score":318,"percentile":330},"2025-12-11",0.8932,{"date":332,"score":318,"percentile":333},"2025-12-12",0.89325,{"date":335,"score":318,"percentile":336},"2025-12-13",0.89327,{"date":338,"score":318,"percentile":339},"2025-12-14",0.89329,{"date":341,"score":318,"percentile":342},"2025-12-15",0.89331,{"date":344,"score":318,"percentile":345},"2025-12-16",0.8933,{"date":347,"score":318,"percentile":348},"2025-12-17",0.89336,{"date":350,"score":318,"percentile":351},"2025-12-18",0.89344,{"date":353,"score":318,"percentile":354},"2025-12-19",0.89345,{"date":356,"score":318,"percentile":351},"2025-12-20",{"date":358,"score":318,"percentile":359},"2025-12-21",0.89353,{"date":361,"score":318,"percentile":362},"2025-12-22",0.89354,{"date":364,"score":318,"percentile":365},"2025-12-23",0.89356,{"date":367,"score":318,"percentile":368},"2025-12-24",0.89362,{"date":370,"score":318,"percentile":371},"2025-12-25",0.89373,{"date":373,"score":318,"percentile":374},"2025-12-26",0.89371,{"date":376,"score":318,"percentile":377},"2025-12-27",0.89414,{"date":379,"score":318,"percentile":380},"2025-12-28",0.89365,{"date":382,"score":318,"percentile":383},"2025-12-29",0.89363,{"date":385,"score":318,"percentile":386},"2025-12-30",0.89369,{"date":388,"score":318,"percentile":389},"2025-12-31",0.89376,{"date":391,"score":318,"percentile":392},"2026-01-01",0.89446,{"date":394,"score":318,"percentile":395},"2026-01-02",0.89439,{"date":397,"score":318,"percentile":398},"2026-01-03",0.89437,{"date":400,"score":318,"percentile":389},"2026-01-04",{"date":402,"score":318,"percentile":371},"2026-01-05",{"date":404,"score":318,"percentile":405},"2026-01-06",0.89378,{"date":407,"score":318,"percentile":408},"2026-01-07",0.89381,{"date":410,"score":318,"percentile":411},"2026-01-08",0.89386,{"date":413,"score":318,"percentile":414},"2026-01-09",0.89389,{"date":416,"score":318,"percentile":417},"2026-01-10",0.89391,{"date":419,"score":318,"percentile":420},"2026-01-11",0.89382,{"date":422,"score":318,"percentile":420},"2026-01-12",{"date":424,"score":318,"percentile":425},"2026-01-13",0.89379,{"date":427,"score":318,"percentile":428},"2026-01-14",0.89395,{"date":430,"score":318,"percentile":431},"2026-01-15",0.89396,{"date":433,"score":318,"percentile":434},"2026-01-16",0.89401,{"date":436,"score":318,"percentile":437},"2026-01-17",0.89402,{"date":439,"score":318,"percentile":434},"2026-01-18",{"date":441,"score":318,"percentile":442},"2026-01-19",0.89397,{"date":444,"score":318,"percentile":437},"2026-01-20",{"date":446,"score":318,"percentile":447},"2026-01-21",0.89406,{"date":449,"score":318,"percentile":450},"2026-01-22",0.89409,{"date":452,"score":318,"percentile":453},"2026-01-23",0.8942,{"date":455,"score":318,"percentile":456},"2026-01-24",0.89428,{"date":458,"score":318,"percentile":459},"2026-01-25",0.89429,{"date":461,"score":318,"percentile":462},"2026-01-26",0.89426,{"date":464,"score":318,"percentile":462},"2026-01-27",{"date":466,"score":318,"percentile":467},"2026-01-28",0.89431,{"date":469,"score":318,"percentile":470},"2026-01-29",0.89433,{"date":472,"score":318,"percentile":470},"2026-01-30",{"date":474,"score":318,"percentile":475},"2026-01-31",0.8943,{"date":477,"score":318,"percentile":478},"2026-02-01",0.89496,[480],{"source":154,"cvss_v2_0":481,"cvss_v3_0":9,"cvss_v3_1":486,"cvss_v4_0":9},{"baseScore":482,"baseSeverity":9,"vectorString":483,"impactScore":484,"exploitabilityScore":485},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":152,"baseSeverity":487,"vectorString":155,"impactScore":488,"exploitabilityScore":485},"MEDIUM",2.3,[490,499,517,524,530,537],{"ecosystem":9,"name":491,"vendor":492,"product":493,"cpe_part":494,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":495},"debian linux","debian","debian_linux","o",[496],{"version":497,"is_range":44,"range_type":498,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0","cpe",{"ecosystem":9,"name":500,"vendor":501,"product":500,"cpe_part":502,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":503},"firefox","mozilla","a",[504,509,512],{"version":505,"is_range":506,"range_type":498,"version_start":9,"version_start_type":9,"version_end":507,"version_end_type":508,"fixed_in":9},"lt60.8.0",true,"60.8.0","excluding",{"version":510,"is_range":506,"range_type":498,"version_start":9,"version_start_type":9,"version_end":511,"version_end_type":508,"fixed_in":9},"lt68.0","68.0",{"version":513,"is_range":506,"range_type":160,"version_start":514,"version_start_type":515,"version_end":516,"version_end_type":508,"fixed_in":9},">= unspecified, \u003C 68","unspecified","including","68",{"ecosystem":9,"name":518,"vendor":501,"product":519,"cpe_part":502,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":520},"firefox esr","firefox_esr",[521],{"version":522,"is_range":506,"range_type":160,"version_start":514,"version_start_type":515,"version_end":523,"version_end_type":508,"fixed_in":9},">= unspecified, \u003C 60.8","60.8",{"ecosystem":9,"name":525,"vendor":501,"product":526,"cpe_part":502,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":527},"Thunderbird","thunderbird",[528,529],{"version":505,"is_range":506,"range_type":498,"version_start":9,"version_start_type":9,"version_end":507,"version_end_type":508,"fixed_in":9},{"version":522,"is_range":506,"range_type":160,"version_start":514,"version_start_type":515,"version_end":523,"version_end_type":508,"fixed_in":9},{"ecosystem":9,"name":531,"vendor":532,"product":533,"cpe_part":502,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":534},"suse package hub for suse linux enterprise","novell","suse_package_hub_for_suse_linux_enterprise",[535],{"version":536,"is_range":44,"range_type":498,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"12",{"ecosystem":9,"name":538,"vendor":539,"product":538,"cpe_part":494,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":540},"leap","opensuse",[541,543],{"version":542,"is_range":44,"range_type":498,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.0",{"version":544,"is_range":44,"range_type":498,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1"]