CVE-2019-17022

MEDIUM

Description

When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html

http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html

https://access.redhat.com/errata/RHSA-2020:0085

https://access.redhat.com/errata/RHSA-2020:0086

https://access.redhat.com/errata/RHSA-2020:0111

https://access.redhat.com/errata/RHSA-2020:0120

https://access.redhat.com/errata/RHSA-2020:0123

https://access.redhat.com/errata/RHSA-2020:0127

https://bugzilla.mozilla.org/show_bug.cgi?id=1602843

https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html

https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html

https://seclists.org/bugtraq/2020/Jan/12

https://seclists.org/bugtraq/2020/Jan/18

https://seclists.org/bugtraq/2020/Jan/26

https://usn.ubuntu.com/4234-1/

https://usn.ubuntu.com/4241-1/

https://www.debian.org/security/2020/dsa-4600

https://www.debian.org/security/2020/dsa-4603

https://www.mozilla.org/security/advisories/mfsa2020-01/

https://www.mozilla.org/security/advisories/mfsa2020-02/

Details

Source: MITRE

Published: 2020-01-08

Updated: 2020-01-13

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 6.1

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Tenable Plugins

View all (42 total)

ID	Name	Product	Family	Severity
135896	Ubuntu 16.04 LTS : thunderbird vulnerabilities (USN-4335-1)	Nessus	Ubuntu Local Security Checks	high
134469	GLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
134325	NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0011)	Nessus	NewStart CGSL Local Security Checks	medium
134321	NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0010)	Nessus	NewStart CGSL Local Security Checks	medium
133652	Amazon Linux 2 : thunderbird (ALAS-2020-1393)	Nessus	Amazon Linux Local Security Checks	medium
133386	RHEL 8 : firefox (RHSA-2020:0295)	Nessus	Red Hat Local Security Checks	medium
133384	RHEL 8 : thunderbird (RHSA-2020:0292)	Nessus	Red Hat Local Security Checks	medium
133199	openSUSE Security Update : MozillaThunderbird (openSUSE-2020-94)	Nessus	SuSE Local Security Checks	medium
133153	Oracle Linux 8 : thunderbird (ELSA-2020-0127)	Nessus	Oracle Linux Local Security Checks	medium
133129	Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200116)	Nessus	Scientific Linux Local Security Checks	medium
133128	Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200116)	Nessus	Scientific Linux Local Security Checks	medium
133106	Debian DSA-4603-1 : thunderbird - security update	Nessus	Debian Local Security Checks	medium
133104	Debian DLA-2071-1 : thunderbird security update	Nessus	Debian Local Security Checks	medium
133099	CentOS 6 : thunderbird (CESA-2020:0123)	Nessus	CentOS Local Security Checks	medium
133097	CentOS 7 : thunderbird (CESA-2020:0120)	Nessus	CentOS Local Security Checks	medium
133040	Ubuntu 18.04 LTS / 19.10 : thunderbird vulnerabilities (USN-4241-1)	Nessus	Ubuntu Local Security Checks	medium
133026	RHEL 8 : thunderbird (RHSA-2020:0127)	Nessus	Red Hat Local Security Checks	medium
133024	RHEL 6 : thunderbird (RHSA-2020:0123)	Nessus	Red Hat Local Security Checks	medium
133022	RHEL 7 : thunderbird (RHSA-2020:0120)	Nessus	Red Hat Local Security Checks	medium
133019	Oracle Linux 7 : thunderbird (ELSA-2020-0120)	Nessus	Oracle Linux Local Security Checks	medium
132949	openSUSE Security Update : MozillaFirefox (openSUSE-2020-60)	Nessus	SuSE Local Security Checks	medium
132944	Oracle Linux 8 : firefox (ELSA-2020-0111)	Nessus	Oracle Linux Local Security Checks	medium
132939	CentOS 7 : firefox (CESA-2020:0085)	Nessus	CentOS Local Security Checks	medium
132921	SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0078-1)	Nessus	SuSE Local Security Checks	medium
132889	Scientific Linux Security Update : firefox on SL7.x x86_64 (20200113)	Nessus	Scientific Linux Local Security Checks	medium
132888	Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200113)	Nessus	Scientific Linux Local Security Checks	medium
132887	RHEL 8 : firefox (RHSA-2020:0111)	Nessus	Red Hat Local Security Checks	medium
132885	RHEL 6 : firefox (RHSA-2020:0086)	Nessus	Red Hat Local Security Checks	medium
132884	RHEL 7 : firefox (RHSA-2020:0085)	Nessus	Red Hat Local Security Checks	medium
132881	Oracle Linux 7 : firefox (ELSA-2020-0085)	Nessus	Oracle Linux Local Security Checks	medium
132873	CentOS 6 : firefox (CESA-2020:0086)	Nessus	CentOS Local Security Checks	medium
132854	Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : firefox vulnerabilities (USN-4234-1)	Nessus	Ubuntu Local Security Checks	medium
132852	SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0068-1)	Nessus	SuSE Local Security Checks	medium
132847	Slackware 14.2 / current : mozilla-thunderbird (SSA:2020-010-01)	Nessus	Slackware Local Security Checks	medium
132774	Mozilla Thunderbird < 68.4.1	Nessus	Windows	medium
132773	Mozilla Thunderbird < 68.4.1	Nessus	MacOS X Local Security Checks	medium
132760	Debian DSA-4600-1 : firefox-esr - security update	Nessus	Debian Local Security Checks	medium
132758	Debian DLA-2061-1 : firefox-esr security update	Nessus	Debian Local Security Checks	medium
132711	Mozilla Firefox ESR < 68.4 Multiple Vulnerabilities	Nessus	Windows	medium
132710	Mozilla Firefox ESR < 68.4 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium
132709	Mozilla Firefox < 72.0 Multiple Vulnerabilities	Nessus	Windows	medium
132708	Mozilla Firefox < 72.0 Multiple Vulnerabilities	Nessus	MacOS X Local Security Checks	medium