Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-11763

Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

Published

2020-01-08T20:15:12.953

Last Modified

2024-11-21T04:21:44.670

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mozilla	firefox	< 70.0	Yes
Application	mozilla	firefox_esr	< 68.2	Yes
Application	mozilla	thunderbird	< 68.2	Yes
Operating System	canonical	ubuntu_linux	16.04	Yes

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1584216 Issue Tracking, Permissions Required ([email protected])
https://security.gentoo.org/glsa/202003-10 Third Party Advisory ([email protected])
https://usn.ubuntu.com/4335-1/ Third Party Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2019-33/ Vendor Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2019-34/ Vendor Advisory ([email protected])
https://www.mozilla.org/security/advisories/mfsa2019-35/ Vendor Advisory ([email protected])
https://bugzilla.mozilla.org/show_bug.cgi?id=1584216 Issue Tracking, Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202003-10 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4335-1/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2019-33/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2019-34/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.mozilla.org/security/advisories/mfsa2019-35/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)