← back
CVE-2019-17016

CVE-2019-17016

EPSS 2.0%
When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Affected products
Mozilla · FirefoxMozilla · Firefox ESR

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.htmlhttp://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.htmlhttps://access.redhat.com/errata/RHSA-2020:0085https://access.redhat.com/errata/RHSA-2020:0086https://access.redhat.com/errata/RHSA-2020:0111https://access.redhat.com/errata/RHSA-2020:0120https://access.redhat.com/errata/RHSA-2020:0123https://access.redhat.com/errata/RHSA-2020:0127https://access.redhat.com/errata/RHSA-2020:0292https://access.redhat.com/errata/RHSA-2020:0295https://bugzilla.mozilla.org/show_bug.cgi?id=1599181