Mozilla » Firefox Esr : Security Vulnerabilities, CVEs, Published In 2019 (XSS) CVSS score >= 1
Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.
Max CVSS
6.1
EPSS Score
0.27%
Published
2019-09-27
Updated
2019-10-04
Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Max CVSS
6.1
EPSS Score
0.82%
Published
2019-07-23
Updated
2019-07-29
2 vulnerabilities found