what you don't know can hurt you
Showing 1 - 14 of 14 RSS Feed

CVE-2019-17022

Status Candidate

Overview

When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.

Related Files

Ubuntu Security Notice USN-4335-1
Posted Apr 22, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4335-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, bypass same-origin restrictions, conduct cross-site scripting attacks, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2019-11745, CVE-2019-11755, CVE-2019-11759, CVE-2019-11760, CVE-2019-11761, CVE-2019-11763, CVE-2019-11764, CVE-2019-15903, CVE-2019-17005, CVE-2019-17008, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2020-6792, CVE-2020-6794, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825
MD5 | c86e86afb9b7eb66cd0dc89a57af7b70
Gentoo Linux Security Advisory 202003-02
Posted Mar 12, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-2 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 68.6.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-11745, CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026, CVE-2019-20503, CVE-2020-6796, CVE-2020-6797, CVE-2020-6798, CVE-2020-6799, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814
MD5 | 51be70ff1eb22cdc247b5d338e202916
Red Hat Security Advisory 2020-0295-01
Posted Jan 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0295-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include buffer overflow, bypass, and use-after-free vulnerabilities.

tags | advisory, web, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
MD5 | bdc85b62a883b5a60f3806fcc1f56d46
Red Hat Security Advisory 2020-0292-01
Posted Jan 30, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0292-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Issues addressed include buffer overflow, bypass, and use-after-free vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, redhat
advisories | CVE-2019-17005, CVE-2019-17008, CVE-2019-17010, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
MD5 | dff2c54670d899a7fc7c1762773f5e56
Debian Security Advisory 4603-1
Posted Jan 18, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4603-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or information disclosure.

tags | advisory, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
MD5 | 3d4fe141935108d14d22f1fe02e23aef
Ubuntu Security Notice USN-4241-1
Posted Jan 17, 2020
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4241-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting attacks, or execute arbitrary code. It was discovered that NSS incorrectly handled certain memory operations. A remote attacker could potentially exploit this to cause a denial of service, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, xss
systems | linux, ubuntu
advisories | CVE-2019-11745, CVE-2019-17011, CVE-2019-17012, CVE-2019-17016, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
MD5 | 3610655eb691555973e60450f99803ce
Red Hat Security Advisory 2020-0127-01
Posted Jan 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0127-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
MD5 | 3794cd79e1225b1d5112c1421103be72
Red Hat Security Advisory 2020-0120-01
Posted Jan 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0120-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
MD5 | 433889948b99b16fe43d78f9a722c14f
Red Hat Security Advisory 2020-0123-01
Posted Jan 16, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0123-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 68.4.1. Issues addressed include a bypass vulnerability.

tags | advisory, bypass
systems | linux, redhat
advisories | CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
MD5 | bed7c68743dabd60938d5b686653538f
Red Hat Security Advisory 2020-0111-01
Posted Jan 15, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0111-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
MD5 | 36adb5f774a4e684239d2466916380dd
Red Hat Security Advisory 2020-0085-01
Posted Jan 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0085-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
MD5 | 27d1f7894855bbe772cc12a4aca4b134
Red Hat Security Advisory 2020-0086-01
Posted Jan 13, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0086-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 68.4.1 ESR. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
MD5 | 4037d1911aa9507b6c6224fdbdce9776
Slackware Security Advisory - mozilla-thunderbird Updates
Posted Jan 13, 2020
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-thunderbird packages are available for Slackware 14.2 and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-17015, CVE-2019-17016, CVE-2019-17017, CVE-2019-17021, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
MD5 | d14a23ee538978a7ab55db945a32c23b
Debian Security Advisory 4600-1
Posted Jan 9, 2020
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4600-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, data exfiltration or cross-site scripting.

tags | advisory, web, arbitrary, xss
systems | linux, debian
advisories | CVE-2019-17016, CVE-2019-17017, CVE-2019-17022, CVE-2019-17024, CVE-2019-17026
MD5 | 5c389eae58b71f0e5752b71079631732
Page 1 of 1
Back1Next

File Archive:

December 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    22 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close