CVE-2019-17020 - log

CVE-2019-17020 edited at 08 Jan 2020 15:09:27
Description
- A Content Security Policy bypass has been found in Firefox 72.0, where the CSP is not applied to XSL stylesheets applied to XML documents. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document.
+ A Content Security Policy bypass has been found in Firefox before 72.0, where the CSP is not applied to XSL stylesheets applied to XML documents. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document.
CVE-2019-17020 edited at 08 Jan 2020 08:56:14
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ A Content Security Policy bypass has been found in Firefox 72.0, where the CSP is not applied to XSL stylesheets applied to XML documents. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17020
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1597645
Notes
CVE-2019-17020 created at 08 Jan 2020 08:52:31