PT-2019-4828 · Mozilla+5 · Firefox Esr+7
Gareth Heyes
·
Publicado
2019-10-22
·
Atualizado
2024-12-12
·
CVE-2019-11763
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Firefox versions prior to 70
Thunderbird versions prior to 68.2
Firefox ESR versions prior to 68.2
Description
The issue arises from the incorrect handling of null bytes when processing HTML entities, leading to incorrect parsing by Firefox. This could result in HTML comment text being treated as HTML, potentially leading to cross-site scripting (XSS) in certain web applications. Additionally, it could allow HTML entities to be masked from filters, enabling the use of entities to hide actual characters of interest from filters. The vulnerability may allow a remote attacker to impact data integrity.
Recommendations
For Firefox versions prior to 70, update to version 70 or later.
For Thunderbird versions prior to 68.2, update to version 68.2 or later.
For Firefox ESR versions prior to 68.2, update to version 68.2 or later.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu