When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mozilla
Published: 2020-01-08T21:30:09
Updated: 2020-04-29T02:07:03
Reserved: 2019-09-30T00:00:00
Link: CVE-2019-17022
JSON object: View
NVD Information
Status : Modified
Published: 2020-01-08T22:15:12.730
Modified: 2020-01-13T20:15:12.733
Link: CVE-2019-17022
JSON object: View
Redhat Information
No data.
CWE