CVE-2019-17022 Information
Description
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element, this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML and assigns it to another element's innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior; more may exist. This vulnerability affects Firefox ESR 68.4 and Firefox 72.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html
http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html
https://access.redhat.com/errata/RHSA-2020:0085
https://access.redhat.com/errata/RHSA-2020:0086
https://access.redhat.com/errata/RHSA-2020:0111
https://access.redhat.com/errata/RHSA-2020:0120
https://access.redhat.com/errata/RHSA-2020:0123
https://access.redhat.com/errata/RHSA-2020:0127
https://access.redhat.com/errata/RHSA-2020:0292
https://access.redhat.com/errata/RHSA-2020:0295
https://bugzilla.mozilla.org/show_bug.cgi?id=1602843
https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html
https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html
https://seclists.org/bugtraq/2020/Jan/12
https://seclists.org/bugtraq/2020/Jan/18
https://seclists.org/bugtraq/2020/Jan/26
https://security.gentoo.org/glsa/202003-02
https://usn.ubuntu.com/4234-1/
https://usn.ubuntu.com/4241-1/
https://usn.ubuntu.com/4335-1/
https://www.debian.org/security/2020/dsa-4600
https://www.debian.org/security/2020/dsa-4603
https://www.mozilla.org/security/advisories/mfsa2020-01/
https://www.mozilla.org/security/advisories/mfsa2020-02/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM