CVE-2019-11715Cross-site Scripting in Mozilla Firefox

CWE-79Cross-site Scripting12 documents7 sources
Severity
6.1MEDIUMNVD
OSV9.8
EPSS
0.6%
top 29.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Mozilla FirefoxMozilla Firefox ESRMozilla Thunderbird+3 more
Timeline
PublishedJul 23
Latest updateMay 24

Description

Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages11 packages

debiandebian/firefox< firefox 68.0-1 (sid)
CVEListV5mozilla/firefoxunspecified68
NVDmozilla/firefox< 60.8.0+1
debiandebian/firefox-esr< firefox 68.0-1 (sid)
CVEListV5mozilla/firefox_esrunspecified60.8

🔴Vulnerability Details

5
GHSA
GHSA-c29g-j2v7-2mwj: Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites2022-05-24
OSV
firefox regressions2019-07-25
OSV
CVE-2019-11715: Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites2019-07-23
OSV
thunderbird vulnerabilities2019-07-17
OSV
firefox vulnerabilities2019-07-12

📋Vendor Advisories

5
Ubuntu
Firefox regressions2019-07-25
Ubuntu
Thunderbird vulnerabilities2019-07-17
Ubuntu
Firefox vulnerabilities2019-07-12
Red Hat
Mozilla: HTML parsing error can contribute to content XSS2019-07-10
Debian
CVE-2019-11715: firefox - Due to an error while parsing page content, it is possible for properly sanitize...2019

💬Community

1
Bugzilla
CVE-2019-11715 Mozilla: HTML parsing error can contribute to content XSS2019-07-10