Vulnerability Details: CVE-2019-17022
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element, this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML and assigns it to another element's innerHTML, this results in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior; more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2019-17022
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
- cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-17022
- EPSS score: 0.51% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~77% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2019-17022
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 | NIST |
CWE ids for CVE-2019-17022
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-17022
- https://access.redhat.com/errata/RHSA-2020:0085: RHSA-2020:0085 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://usn.ubuntu.com/4234-1/: USN-4234-1: Firefox vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://www.debian.org/security/2020/dsa-4603: Debian -- Security Information -- DSA-4603-1 thunderbird
- https://access.redhat.com/errata/RHSA-2020:0123: RHSA-2020:0123 - Security Advisory - Red Hat Customer Portal
- https://seclists.org/bugtraq/2020/Jan/26: Bugtraq: [SECURITY] [DSA 4603-1] thunderbird security update
- https://security.gentoo.org/glsa/202003-02: Mozilla Firefox: Multiple vulnerabilities (GLSA 202003-02) — Gentoo security
- https://seclists.org/bugtraq/2020/Jan/18: Bugtraq: [slackware-security] mozilla-thunderbird (SSA:2020-010-01) (Mailing List; Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2020:0295: RHSA-2020:0295 - Security Advisory - Red Hat Customer Portal
- https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html: [SECURITY] [DLA 2061-1] firefox-esr security update (Mailing List; Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html: [security-announce] openSUSE-SU-2020:0094-1: important: Security update
- https://access.redhat.com/errata/RHSA-2020:0120: RHSA-2020:0120 - Security Advisory - Red Hat Customer Portal
- https://access.redhat.com/errata/RHSA-2020:0111: RHSA-2020:0111 - Security Advisory - Red Hat Customer Portal
- https://www.mozilla.org/security/advisories/mfsa2020-01/: Security Vulnerabilities fixed in Firefox 72 — Mozilla (Vendor Advisory)
- https://access.redhat.com/errata/RHSA-2020:0086: RHSA-2020:0086 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- https://www.debian.org/security/2020/dsa-4600: Debian -- Security Information -- DSA-4600-1 firefox-esr (Third Party Advisory)
- http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html: Slackware Security Advisory - mozilla-thunderbird Updates ≈ Packet Storm
- https://usn.ubuntu.com/4335-1/: USN-4335-1: Thunderbird vulnerabilities | Ubuntu security notices
- https://seclists.org/bugtraq/2020/Jan/12: Bugtraq: [SECURITY] [DSA 4600-1] firefox-esr security update (Mailing List; Third Party Advisory)
- https://www.mozilla.org/security/advisories/mfsa2020-02/: Security Vulnerabilities fixed in Firefox ESR 68.4 — Mozilla (Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html: [security-announce] openSUSE-SU-2020:0060-1: important: Security update
- https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html: [SECURITY] [DLA 2071-1] thunderbird security update
- https://access.redhat.com/errata/RHSA-2020:0127: RHSA-2020:0127 - Security Advisory - Red Hat Customer Portal
- https://usn.ubuntu.com/4241-1/: USN-4241-1: Thunderbird vulnerabilities | Ubuntu security notices
- https://bugzilla.mozilla.org/show_bug.cgi?id=1602843: Mozilla Bugzilla bug 1602843 (Access Denied; Permissions Required)
- https://access.redhat.com/errata/RHSA-2020:0292: RHSA-2020:0292 - Security Advisory - Red Hat Customer Portal