CVE-2019-17016 - log back

CVE-2019-17016 edited at 13 Jan 2020 16:14:51
Description
- A security issue has been found in Firefox before 72.0, and Thunderbird before 68.3. When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration.
+ A security issue has been found in Firefox before 72.0, and Thunderbird before 68.4.1. When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration.
CVE-2019-17016 edited at 13 Jan 2020 16:13:18
Description
- A security issue has been found in Firefox before 72.0. When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration.
+ A security issue has been found in Firefox before 72.0, and Thunderbird before 68.3. When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration.
CVE-2019-17016 edited at 08 Jan 2020 08:53:53
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ A security issue has been found in Firefox before 72.0. When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17016
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1599181
Notes
CVE-2019-17016 created at 08 Jan 2020 08:52:31