CVE-2019-11763 - OpenCVE

Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Mozilla	Firefox Esr Firefox Thunderbird

Configuration 1 [-]

OR	cpe:2.3:a:mozilla:firefox::::::::
	cpe:2.3:a:mozilla:firefox_esr::::::::
	cpe:2.3:a:mozilla:thunderbird::::::::

Configuration 2 [-]

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

References

Link	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1584216	Issue Tracking Permissions Required
https://security.gentoo.org/glsa/202003-10	Third Party Advisory
https://usn.ubuntu.com/4335-1/	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2019-33/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-34/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-35/	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mozilla

Published: 2020-01-08T19:59:44

Updated: 2020-04-29T02:07:16

Reserved: 2019-05-03T00:00:00

Link: CVE-2019-11763

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-08T20:15:12.953

Modified: 2023-02-03T17:27:52.730

Link: CVE-2019-11763

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "affected", "version": "before 70"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "affected", "version": "before 68.2"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"status": "affected", "version": "before 68.2"}]}], "descriptions": [{"lang": "en", "value": "Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2."}], "problemTypes": [{"descriptions": [{"description": "Incorrect HTML parsing results in XSS bypass technique", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-29T02:07:16", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1584216"}, {"name": "GLSA-202003-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-10"}, {"name": "USN-4335-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4335-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2019-11763", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_value": "before 70"}]}}, {"product_name": "Thunderbird", "version": {"version_data": [{"version_value": "before 68.2"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_value": "before 68.2"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Incorrect HTML parsing results in XSS bypass technique"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2019-35/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2019-33/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2019-34/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1584216", "refsource": "CONFIRM", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1584216"}, {"name": "GLSA-202003-10", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-10"}, {"name": "USN-4335-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4335-1/"}]}}}}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2019-11763", "datePublished": "2020-01-08T19:59:44", "dateReserved": "2019-05-03T00:00:00", "dateUpdated": "2020-04-29T02:07:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4EA7BDA-DA95-46FB-8568-E857D3479994", "versionEndExcluding": "70.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "19FED95C-5BAF-4E31-8F60-E51609BA3BDB", "versionEndExcluding": "68.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CE97332-80EC-4CDF-A18C-37CD645A8A12", "versionEndExcluding": "68.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2."}, {"lang": "es", "value": "Si no se manejan correctamente los bytes nulos cuando se procesan entidades HTML, Firefox analiza de manera incorrecta estas entidades. Esto podr\u00eda haber conllevado a que el texto de comentario HTML fuese tratado como un HTML, lo que podr\u00eda haber provocado una vulnerabilidad de tipo XSS en una aplicaci\u00f3n web bajo determinadas condiciones. Tambi\u00e9n podr\u00eda haber conllevado a que las entidades HTML sean enmascaradas desde los filtros, permitiendo el uso de entidades para enmascarar los caracteres actuales de inter\u00e9s de los filtros. Esta vulnerabilidad afecta a Firefox versiones anteriores a la versi\u00f3n 70, Thunderbird versiones anteriores 68.2 y Firefox ESR versiones anteriores a la versi\u00f3n 68.2."}], "id": "CVE-2019-11763", "lastModified": "2023-02-03T17:27:52.730", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-08T20:15:12.953", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1584216"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202003-10"}, {"source": "security@mozilla.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4335-1/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-33/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-34/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-35/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}