CVE-2019-17022

CVSS V2 Medium 4.3 CVSS V3 Medium 6.1
Description
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Overview
  • CVE ID
  • CVE-2019-17022
  • Assigner
  • security@mozilla.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2020-01-08T22:15:12
  • Last Modified Date
  • 2020-01-13T20:15:12
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:* 1 OR 72.0
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:* 1 OR 68.4
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • REQUIRED
  • Scope
  • CHANGED
  • Confidentiality Impact
  • LOW
  • Availability Impact
  • NONE
  • Base Score
  • 6.1
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.8
  • Impact Score
  • 2.7
References
Reference URL Reference Tags
https://bugzilla.mozilla.org/show_bug.cgi?id=1602843 Permissions Required
https://www.mozilla.org/security/advisories/mfsa2020-01/ Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2020-02/ Vendor Advisory
https://seclists.org/bugtraq/2020/Jan/12 Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html Mailing List Third Party Advisory
https://www.debian.org/security/2020/dsa-4600 Third Party Advisory
https://usn.ubuntu.com/4234-1/ Third Party Advisory
https://seclists.org/bugtraq/2020/Jan/18 Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0086 Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0085 Third Party Advisory
http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html
https://access.redhat.com/errata/RHSA-2020:0111
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html
https://access.redhat.com/errata/RHSA-2020:0123
https://access.redhat.com/errata/RHSA-2020:0120
https://access.redhat.com/errata/RHSA-2020:0127
https://usn.ubuntu.com/4241-1/
https://www.debian.org/security/2020/dsa-4603
https://seclists.org/bugtraq/2020/Jan/26
https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.html
https://access.redhat.com/errata/RHSA-2020:0295
https://access.redhat.com/errata/RHSA-2020:0292
https://security.gentoo.org/glsa/202003-02
https://usn.ubuntu.com/4335-1/
History
Created Old Value New Value Data Type Notes
2022-05-10 16:53:51 Added to TrackCVE
2022-12-04 09:10:18 2020-01-08T22:15Z 2020-01-08T22:15:12 CVE Published Date updated
2022-12-04 09:10:18 2020-01-13T20:15:12 CVE Modified Date updated
2022-12-04 09:10:18 Modified Vulnerability Status updated