CVE-2019-11763 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Insufficient validation
Description	An issue has been found in Firefox before 70.0 and Thunderbird before 68.2, where failure to correctly handle null bytes when processing HTML entities resulted in incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters, enabling the use of entities to mask the actual characters of interest from filters.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1055	firefox	69.0.3-1	70.0-1	Critical	Fixed
AVG-1054	thunderbird	68.1.1-1	68.2.0-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
26 Oct 2019	ASA-201910-16	AVG-1055	firefox	Critical	multiple issues
26 Oct 2019	ASA-201910-15	AVG-1054	thunderbird	Critical	multiple issues

References
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763 https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763 https://bugzilla.mozilla.org/show_bug.cgi?id=1584216

References

https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763
https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763
https://bugzilla.mozilla.org/show_bug.cgi?id=1584216