Information on CVE-2019-17022
CWE ID: N/A
Base Score (CVSS): N/A
CVE: CVE-2019-17022
Description: When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node’s innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Attack vector
CVSS score
CVSS is a rating system that measures the severity of a software vulnerability by considering factors such as potential impact, likelihood of attack and ease of execution.
External references
- https://bugzilla.mozilla.org/show_bug.cgi?id=1602843
- https://www.mozilla.org/security/advisories/mfsa2020-01/
- https://www.mozilla.org/security/advisories/mfsa2020-02/
- https://seclists.org/bugtraq/2020/Jan/12
- https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html
- https://www.debian.org/security/2020/dsa-4600
- https://usn.ubuntu.com/4234-1/
- https://seclists.org/bugtraq/2020/Jan/18
- https://access.redhat.com/errata/RHSA-2020:0085
- https://access.redhat.com/errata/RHSA-2020:0086
- http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html
- https://access.redhat.com/errata/RHSA-2020:0111
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html
- https://access.redhat.com/errata/RHSA-2020:0120
- https://access.redhat.com/errata/RHSA-2020:0123
- https://access.redhat.com/errata/RHSA-2020:0127
- https://usn.ubuntu.com/4241-1/
- https://www.debian.org/security/2020/dsa-4603
- https://seclists.org/bugtraq/2020/Jan/26
- https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html
- https://access.redhat.com/errata/RHSA-2020:0292
- https://access.redhat.com/errata/RHSA-2020:0295
- https://security.gentoo.org/glsa/202003-02
- https://usn.ubuntu.com/4335-1/
Affected products
- Mozilla – Firefox ESR
- Mozilla – Firefox
Relationships with other products
Vendor: Mozilla
Product: Firefox
Year: 2019
CWE:
CVSS: 0.0
Vendor: Mozilla
Product: Firefox ESR
Year: 2019
CWE:
CVSS: 0.0