CVE-2019-17000: Cross-site Scripting in Mozilla Firefox

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.2% (top 62.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 8; latest update May 24

Description

An object tag with a data URI did not correctly inherit the document's Content Security Policy. This allowed a CSP bypass in a cross-origin frame if the document's policy explicitly allowed data: URIs. This vulnerability affects Firefox < 70.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (4 packages)

Source      Package           Affected versions
Debian      debian/firefox    < firefox 70.0-1 (sid)
NVD         mozilla/firefox   < 70.0+1
Ubuntu      mozilla/firefox   < 70.0+build2-0ubuntu0.16.04.1+2
CVEListV5   mozilla/firefox   before 70

Vulnerability Details (4 entries)

- GHSA-5v69-m66w-jfqv (GHSA, 2022-05-24): An object tag with a data URI did not correctly inherit the document's Content Security Policy
- GHSA-pcxf-xvjr-2qpp (GHSA, 2022-05-24): A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-sit...
- CVE-2019-17001 (OSV, 2019-10-23): A Content-Security-Policy that blocks in-line scripts could be bypassed using an object tag to execute JavaScript in the protected document (cross-sit...
- CVE-2019-17000 (OSV, 2019-10-23): An object tag with a data URI did not correctly inherit the document's Content Security Policy

Vendor Advisories (4 entries)

- Ubuntu (2019-10-23): Firefox vulnerabilities
- Debian (2019): CVE-2019-17000: firefox - An object tag with a data URI did not correctly inherit the document's Content S...
- Debian (2019): CVE-2019-17001: firefox - A Content-Security-Policy that blocks in-line scripts could be bypassed using an...
- Red Hat (2018-12-18): libtiff: integer overflow in libtiff/tif_dirwrite.c resulting in an invalid pointer dereference