CVE-2019-17020

Source
Severity Medium
Remote Yes
Type Access restriction bypass
Description
A Content Security Policy bypass has been found in Firefox before 72.0: the CSP is not applied to XSL stylesheets that are applied to XML documents. If the XSL sheet includes JavaScript, for example, that script bypasses the restrictions of the Content Security Policy applied to the XML document.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1084 | firefox | 71.0-1 | 72.0-1 | Critical | Fixed | |

| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 08 Jan 2020 | ASA-202001-1 | AVG-1084 | firefox | Critical | multiple issues |

References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17020
https://bugzilla.mozilla.org/show_bug.cgi?id=1597645