CVE-2019-11763 log

Source
Severity Medium
Remote Yes
Type Insufficient validation
Description
An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where failure to correctly handle null bytes when processing HTML entities resulted in incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters, enabling the use of entities to mask the actual characters of interest from filters.
Group Package Affected Fixed Severity Status Ticket
AVG-1055 firefox 69.0.3-1 70.0-1 Critical Fixed
AVG-1054 thunderbird 68.1.1-1 68.2.0-1 Critical Fixed
Date Advisory Group Package Severity Description
26 Oct 2019 ASA-201910-16 AVG-1055 firefox Critical multiple issues
26 Oct 2019 ASA-201910-15 AVG-1054 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763
https://bugzilla.mozilla.org/show_bug.cgi?id=1584216