Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

CVE-2019-17016

UNKNOWN

Published 2020-01-08T21:27:03

Actions:

No CVSS data available

Description

When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Firefox ESR

Affected Versions:

before 68.4

Firefox

Affected Versions:

before 72

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1599181

https://www.mozilla.org/security/advisories/mfsa2020-01/

https://www.mozilla.org/security/advisories/mfsa2020-02/

https://seclists.org/bugtraq/2020/Jan/12

https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html

https://www.debian.org/security/2020/dsa-4600

https://usn.ubuntu.com/4234-1/

https://seclists.org/bugtraq/2020/Jan/18

https://access.redhat.com/errata/RHSA-2020:0085

https://access.redhat.com/errata/RHSA-2020:0086

http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html

https://access.redhat.com/errata/RHSA-2020:0111

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html

https://access.redhat.com/errata/RHSA-2020:0120

https://access.redhat.com/errata/RHSA-2020:0123

https://access.redhat.com/errata/RHSA-2020:0127

https://usn.ubuntu.com/4241-1/

https://www.debian.org/security/2020/dsa-4603

https://seclists.org/bugtraq/2020/Jan/26

https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html

https://access.redhat.com/errata/RHSA-2020:0292

https://access.redhat.com/errata/RHSA-2020:0295

https://security.gentoo.org/glsa/202003-02

https://usn.ubuntu.com/4335-1/

Published: 2020-01-08T21:27:03

Last Modified: 2024-08-05T01:24:48.588Z

Copied to clipboard!