{"api_version":"1","generated_at":"2026-04-23T06:19:25+00:00","cve":"CVE-2019-11699","urls":{"html":"https://cve.report/CVE-2019-11699","api":"https://cve.report/api/cve/CVE-2019-11699.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-11699","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-11699"},"summary":{"title":"CVE-2019-11699","description":"A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox < 67.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2019-07-23 14:15:00","updated_at":"2020-08-24 17:37:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2019-13/","name":"https://www.mozilla.org/security/advisories/mfsa2019-13/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security vulnerabilities fixed in Firefox 67 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1528939","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1528939","refsource":"MISC","tags":["Issue Tracking","Permissions Required","Vendor Advisory"],"title":"1528939 - (CVE-2019-11699) Awesomebar UI mismatch could lead to successful phishing of Firefox's users","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-11699","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11699","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"11699","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11699","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-11699","qid":"371854","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for mozilla Multiple Vulnerabilities (44b6dfbf-4ef7-4d52-ad52-2b1b05d81272)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-11699","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox","version":{"version_data":[{"version_value":"67","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Incorrect domain name highlighting during page navigation"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2019-13/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2019-13/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1528939","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1528939"}]},"description":{"description_data":[{"lang":"eng","value":"A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox < 67."}]}},"nvd":{"publishedDate":"2019-07-23 14:15:00","lastModifiedDate":"2020-08-24 17:37:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"67.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"11699","Ordinal":"150021","Title":"CVE-2019-11699","CVE":"CVE-2019-11699","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"11699","Ordinal":"1","NoteData":"A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox < 67.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"11699","Ordinal":"2","NoteData":"2019-07-23","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"11699","Ordinal":"3","NoteData":"2019-07-23","Type":"Other","Title":"Modified"}]}}}