Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
https://bugzilla.mozilla.org/show_bug.cgi?id=1555523
https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html
https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html
https://security.gentoo.org/glsa/201908-12
https://security.gentoo.org/glsa/201908-20
https://www.mozilla.org/security/advisories/mfsa2019-21/
Source: MITRE
Published: 2019-07-23
Updated: 2019-07-29
Type: CWE-79
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8
Severity: MEDIUM