PT-2019-4867 · Mozilla+2 · Firefox+2

Matthew Somerville

Publicado

2019-12-03

Atualizado

2024-12-12

CVE-2019-17020

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 72

Description The issue is related to a security policy error that does not apply to the contents of an XSL stylesheet when an XML file is served with a Content Security Policy and includes an XSL stylesheet. This could allow a remote attacker to compromise data integrity, particularly if the XSL sheet includes JavaScript, thereby bypassing the restrictions of the Content Security Policy applied to the XML document.

Recommendations For Firefox versions prior to 72, update to version 72 or later to resolve the issue. As a temporary workaround, consider restricting the use of XSL stylesheets in XML files served with a Content Security Policy until a patch is applied.

Correção

XXE

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-611CWE-20

Identificadores relacionados

ALT-PU-2020-1110

ALT-PU-2020-1617

ALT-PU-2020-2408

ALT-PU-2020-2933

ALT-PU-2021-1368

BDU:2020-01454

CVE-2019-17020

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

USN-4234-1

USN-4234-2

Produtos afetados

Alt Linux

Firefox

Ubuntu

PT-2019-4867 · Mozilla+2 · Firefox+2

CVE-2019-17020

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1889