Mozilla Firefox 68, Mozilla Firefox ESR 60.8 and Mozilla Thunderbird 60.8: A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes.