CVE-2019-11721: Medium severity firefox vulnerability

Q: What is CVE-2019-11721?

CVE-2019-11721 is a vulnerability that allows for domain spoofing attacks in Firefox versions prior to 68.

Q: How does CVE-2019-11721 work?

CVE-2019-11721 works by using the unicode latin 'kra' character to spoof a standard 'k' character in the address bar, which can lead to user confusion.

Q: Which software versions are affected by CVE-2019-11721?

CVE-2019-11721 affects Firefox versions prior to 68.

Q: What is the severity of CVE-2019-11721?

The severity of CVE-2019-11721 is rated as medium with a CVSS score of 6.5.

Q: How do I fix CVE-2019-11721?

To fix CVE-2019-11721, update your Firefox browser to version 68 or above.

Published Jul 9, 2019

Updated

The unicode latin 'kra' character can be used to spoof a standard 'k' character in the addressbar. This allows for domain spoofing attacks as do not display as punycode text, allowing for user confusion.

Affected Software

5 affected componentsFixes available

Mozilla Firefox<68.0

openSUSE Leap=15.0

openSUSE Leap=15.1

Mozilla Thunderbird<68

Mozilla Firefox<68

Event History

Jul 9, 2019

CVE Published

12:00 AM

Jul 23, 2019

CVE Published

via MITRE·01:17 PM

Data Sourced

via MITRE·01:17 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2019-11721?

CVE-2019-11721 is a vulnerability that allows for domain spoofing attacks in Firefox versions prior to 68.

How does CVE-2019-11721 work?

CVE-2019-11721 works by using the unicode latin 'kra' character to spoof a standard 'k' character in the address bar, which can lead to user confusion.

Which software versions are affected by CVE-2019-11721?