Published: 08/01/2020 Updated: 21/07/2021

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mozilla firefox
canonical ubuntu linux 16.04
canonical ubuntu linux 18.04
canonical ubuntu linux 19.04
canonical ubuntu linux 19.10

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

Mozilla Foundation Security Advisory 2020-01 Security Vulnerabilities fixed in Firefox 72 Announced January 7, 2020 Impact high Products Firefox Fixed in Firefox 72 ...

A Content Security Policy bypass has been found in Firefox 720, where the CSP is not applied to XSL stylesheets applied to XML documents If the XSL sheet eg includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document ...

CWE-611 https://bugzilla.mozilla.org/show_bug.cgi?id=1597645 https://www.mozilla.org/security/advisories/mfsa2020-01/https://usn.ubuntu.com/4234-1/https://nvd.nist.gov https://usn.ubuntu.com/4234-1/

CVE-2019-17020

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect