CVE-2019-17022 - log back

CVE-2019-17022 edited at 13 Jan 2020 16:14:40
Description
- A security issue has been found in Firefox before 72.0, and Thunderbird before 68.3, where CSS sanitization does not escape HTML tags. When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist.
+ A security issue has been found in Firefox before 72.0, and Thunderbird before 68.4.1 where CSS sanitization does not escape HTML tags. When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist.
CVE-2019-17022 edited at 13 Jan 2020 16:12:56
Description
- A security issue has been found in Firefox before 72.0, where CSS sanitization does not escape HTML tags. When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist.
+ A security issue has been found in Firefox before 72.0, and Thunderbird before 68.3, where CSS sanitization does not escape HTML tags. When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist.
CVE-2019-17022 edited at 08 Jan 2020 15:09:33
Description
- A security issue has been found in Firefox 72.0, where CSS sanitization does not escape HTML tags. When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist.
+ A security issue has been found in Firefox before 72.0, where CSS sanitization does not escape HTML tags. When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist.
CVE-2019-17022 edited at 08 Jan 2020 08:57:14
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ A security issue has been found in Firefox 72.0, where CSS sanitization does not escape HTML tags. When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17022
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1602843
Notes
CVE-2019-17022 created at 08 Jan 2020 08:52:31