← volver
CVE-2019-17016

CVE-2019-17016

EPSS 2.0%
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS EPSS 2.0%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
08 ene 2020Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Productos afectados
Mozilla · FirefoxMozilla · Firefox ESR

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-01/msg00043.htmlhttp://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.htmlhttps://access.redhat.com/errata/RHSA-2020:0085https://access.redhat.com/errata/RHSA-2020:0086https://access.redhat.com/errata/RHSA-2020:0111https://access.redhat.com/errata/RHSA-2020:0120https://access.redhat.com/errata/RHSA-2020:0123https://access.redhat.com/errata/RHSA-2020:0127https://access.redhat.com/errata/RHSA-2020:0292https://access.redhat.com/errata/RHSA-2020:0295https://bugzilla.mozilla.org/show_bug.cgi?id=1599181