CVE-2019-17022

Current Description

When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape the < and > characters in the style text. Because the resulting string is placed directly into the element's text node, this does not by itself inject markup into the page; however, if the page subsequently reads that node's innerHTML and assigns it to another element's innerHTML, the unescaped markup is parsed, which results in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior; more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
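The mechanism described above, modelled as an added example (this is not Firefox code and not the patch for bug 1602843): a <style> element is a raw-text element, so the HTML serializer behind innerHTML emits its text child verbatim, while text under an ordinary element such as <p> is escaped. A clipboard payload whose CSS contains a premature </style> therefore survives the innerHTML read and is parsed as markup on the innerHTML write. The two sanitizer functions, the clipboard string and the CSS-escape mitigation are assumptions made for this illustration; the "hardened" variant shows one defensible fix, not what Mozilla shipped.

```javascript
// Model of the CVE-2019-17022 mechanism. Constructed example, not Firefox code.
//
// <style> is a "raw text" element: the HTML fragment serialization algorithm
// (what innerHTML returns) emits its text child verbatim, with no escaping of
// < and >. So a "</style>" that the CSS sanitizer let through survives the
// innerHTML read, and when the page writes that string into another element's
// innerHTML the parser closes the style element early and treats the rest as
// markup. Text under an ordinary element is escaped on serialization, which
// is why the bug needs the innerHTML round trip rather than being a direct
// injection.

// Constructed clipboard payload: valid CSS, then a premature close tag and an
// injected element carrying an event handler.
const CLIPBOARD_CSS =
  'p { color: red } </style><img src=x onerror="alert(document.domain)">';

// Serialization of a text node under an ordinary element (e.g. <p>): < > & escaped.
function escapeTextNode(text) {
  return text.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Serialization of a <style> element as innerHTML performs it: raw, unescaped.
function serializeStyleElement(cssText) {
  return '<style>' + cssText + '</style>';
}

// Assumed pre-fix behaviour: the sanitizer strips dangerous CSS constructs but
// never considers that the text will later be re-serialized as raw HTML.
function weakCssSanitizer(css) {
  return css.replace(/expression\s*\(/gi, '').replace(/javascript:/gi, '');
}

// One defensible fix (an assumption, not Mozilla's patch): additionally encode
// < and > as CSS escapes. A CSS parser decodes "\3c " back to "<", but an HTML
// parser never sees a tag delimiter, so the style element cannot be closed early.
function hardenedCssSanitizer(css) {
  return weakCssSanitizer(css).replace(/</g, '\\3c ').replace(/>/g, '\\3e ');
}

// Minimal model of `b.innerHTML = a.innerHTML`: locate the first </style> the
// parser would honour and list the start tags that follow it, i.e. the elements
// that escaped the style context. An empty list means no injection.
function tagsParsedAfterStyle(serialized) {
  const close = serialized.search(/<\/style\s*>/i);
  if (close === -1) return [];
  const rest = serialized.slice(close).replace(/^<\/style\s*>/i, '');
  const tags = [];
  for (const m of rest.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)) {
    tags.push(m[1].toLowerCase());
  }
  return tags;
}

// Full paste -> innerHTML read -> innerHTML write round trip for a given sanitizer.
function roundTrip(sanitizer, clipboardCss) {
  return tagsParsedAfterStyle(serializeStyleElement(sanitizer(clipboardCss)));
}

console.log('weak sanitizer leaks elements:', roundTrip(weakCssSanitizer, CLIPBOARD_CSS));         // [ 'img' ]
console.log('hardened sanitizer leaks elements:', roundTrip(hardenedCssSanitizer, CLIPBOARD_CSS)); // []
console.log('same payload under an ordinary element:', escapeTextNode(CLIPBOARD_CSS));
```

The page-side lesson is the same regardless of the browser fix: a sanitizer's output is only safe in the context it was written for, so editor content should not be moved around as innerHTML strings. Cloning the nodes, or running the string through a DOM-based HTML sanitizer immediately before every innerHTML assignment, closes the round trip the advisory depends on.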

Basic Data

Published: January 08, 2020
Last Modified: January 13, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-79 (Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting")
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Integrity Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1 (CPE 2.3; fields not shown are "*")
    Part         Vendor   Product      Version  Version End Excluding
    Application  Mozilla  Firefox Esr  *        68.4
    Application  Mozilla  Firefox      *        72.0
  • OR - Configuration 2 (CPE 2.3; fields not shown are "*")
    Part  Vendor     Product       Version  SW Edition
    OS    Canonical  Ubuntu Linux  19.10    *
    OS    Canonical  Ubuntu Linux  19.04    *
    OS    Canonical  Ubuntu Linux  18.04    lts
    OS    Canonical  Ubuntu Linux  16.04    lts
  • OR - Configuration 3 (CPE 2.3; fields not shown are "*")
    Part  Vendor  Product       Version
    OS    Debian  Debian Linux  10.0
    OS    Debian  Debian Linux  9.0
    OS    Debian  Debian Linux  8.0
  • OR - Configuration 4 (CPE 2.3; fields not shown are "*")
    Part  Vendor  Product                       Version
    OS    Redhat  Enterprise Linux Workstation  7.0
    OS    Redhat  Enterprise Linux Workstation  6.0
    OS    Redhat  Enterprise Linux Server Tus   7.7
    OS    Redhat  Enterprise Linux Server Aus   7.7
    OS    Redhat  Enterprise Linux Server       7.0
    OS    Redhat  Enterprise Linux Server       6.0
    OS    Redhat  Enterprise Linux Desktop      7.0
    OS    Redhat  Enterprise Linux Desktop      6.0

Vulnerable Software List

Vendor     Product                       Versions
Debian     Debian Linux                  8.0, 9.0, 10.0
Mozilla    Firefox                       * (all versions before 72.0)
Mozilla    Firefox Esr                   * (all versions before 68.4)
Redhat     Enterprise Linux Desktop      6.0, 7.0
Redhat     Enterprise Linux Server       6.0, 7.0
Redhat     Enterprise Linux Server Aus   7.7
Redhat     Enterprise Linux Server Tus   7.7
Redhat     Enterprise Linux Workstation  6.0, 7.0
Canonical  Ubuntu Linux                  16.04, 18.04, 19.04, 19.10

References

Name - Source - URL - Tags
20200112 [slackware-security] mozilla-thunderbird (SSA:2020-010-01) - BUGTRAQ - https://seclists.org/bugtraq/2020/Jan/18 - Vendor Advisory, Third Party Advisory, Mailing List, Permissions Required
20200109 [SECURITY] [DSA 4600-1] firefox-esr security update - BUGTRAQ - https://seclists.org/bugtraq/2020/Jan/12 - Third Party Advisory
[debian-lts-announce] 20200120 [SECURITY] [DLA 2071-1] thunderbird security update - MLIST - https://lists.debian.org/debian-lts-announce/2020/01/msg00016.html
[debian-lts-announce] 20200109 [SECURITY] [DLA 2061-1] firefox-esr security update - MLIST - https://lists.debian.org/debian-lts-announce/2020/01/msg00005.html
Mozilla Bugzilla bug 1602843 - MISC - https://bugzilla.mozilla.org/show_bug.cgi?id=1602843
RHSA-2020:0127 - REDHAT - https://access.redhat.com/errata/RHSA-2020:0127
RHSA-2020:0123 - REDHAT - https://access.redhat.com/errata/RHSA-2020:0123
RHSA-2020:0120 - REDHAT - https://access.redhat.com/errata/RHSA-2020:0120
RHSA-2020:0086 - REDHAT - https://access.redhat.com/errata/RHSA-2020:0086
RHSA-2020:0111 - REDHAT - https://access.redhat.com/errata/RHSA-2020:0111
RHSA-2020:0085 - REDHAT - https://access.redhat.com/errata/RHSA-2020:0085
Slackware Security Advisory - mozilla-thunderbird Updates - MISC - http://packetstormsecurity.com/files/155912/Slackware-Security-Advisory-mozilla-thunderbird-Updates.html
openSUSE-SU-2020:0060 - SUSE - http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00029.html
20200120 [SECURITY] [DSA 4603-1] thunderbird security update - BUGTRAQ - https://seclists.org/bugtraq/2020/Jan/26
USN-4234-1 - UBUNTU - https://usn.ubuntu.com/4234-1/
USN-4241-1 - UBUNTU - https://usn.ubuntu.com/4241-1/
DSA-4600 - DEBIAN - https://www.debian.org/security/2020/dsa-4600
DSA-4603 - DEBIAN - https://www.debian.org/security/2020/dsa-4603
Mozilla Foundation Security Advisory MFSA 2020-01 - CONFIRM - https://www.mozilla.org/security/advisories/mfsa2020-01/
Mozilla Foundation Security Advisory MFSA 2020-02 - CONFIRM - https://www.mozilla.org/security/advisories/mfsa2020-02/