When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2020-01-08T21:27:03
Updated: 2020-04-29T02:06:52
Reserved: 2019-09-30T00:00:00
Link: CVE-2019-17016
JSON object: View
NVD Information
Status : Modified
Published: 2020-01-08T22:15:12.277
Modified: 2020-01-13T20:15:12.030
Link: CVE-2019-17016
JSON object: View
Redhat Information
No data.
CWE