CVE-2019-17016
published 2020-01-08CVE-2019-17016: When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | firefox | < firefox 72.0-1 (sid) | firefox 72.0-1 (sid) |
| debian | firefox-esr | < firefox 72.0-1 (sid) | firefox 72.0-1 (sid) |
| debian | thunderbird | < firefox 72.0-1 (sid) | firefox 72.0-1 (sid) |
| mozilla | firefox | < 72.0 | 72.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | — | — |
| mozilla | firefox_esr | < 68.4 | 68.4 |
| mozilla | firefox_esr | — | — |
| mozilla | thunderbird | >= 0 < 1:68.4.1-1 | 1:68.4.1-1 |
| mozilla | thunderbird | >= 0 < 1:68.4.1-1 | 1:68.4.1-1 |
| mozilla | thunderbird | >= 0 < 1:68.4.1-1 | 1:68.4.1-1 |
| mozilla | thunderbird | >= 0 < 1:68.4.1-1 | 1:68.4.1-1 |
| mozilla | thunderbird | >= 0 < 1:68.7.0+build1-0ubuntu0.16.04.2 | 1:68.7.0+build1-0ubuntu0.16.04.2 |
| mozilla | thunderbird | >= 0 < 1:68.4.1+build1-0ubuntu0.18.04.1 | 1:68.4.1+build1-0ubuntu0.18.04.1 |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_server | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
osv8.8HIGH