{"containers": {"cna": {"affected": [{"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"lessThan": "60.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Firefox", "vendor": "Mozilla", "versions": [{"lessThan": "68", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"lessThan": "60.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."}], "problemTypes": [{"descriptions": [{"description": "HTML parsing error can contribute to content XSS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-04T17:06:50", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555523"}, {"name": "openSUSE-SU-2019:1811", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"}, {"name": "openSUSE-SU-2019:1813", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"}, {"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"}, {"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"}, {"name": "GLSA-201908-12", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201908-12"}, {"name": "GLSA-201908-20", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201908-20"}, {"name": "openSUSE-SU-2019:1990", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"}, {"name": "openSUSE-SU-2019:2248", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"}, {"name": "openSUSE-SU-2019:2249", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2019-11715", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox ESR", "version": {"version_data": [{"version_affected": "<", "version_value": "60.8"}]}}, {"product_name": "Firefox", "version": {"version_data": [{"version_affected": "<", "version_value": "68"}]}}, {"product_name": "Thunderbird", "version": {"version_data": [{"version_affected": "<", "version_value": "60.8"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "HTML parsing error can contribute to content XSS"}]}]}, "references": {"reference_data": [{"name": "https://www.mozilla.org/security/advisories/mfsa2019-21/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2019-22/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2019-23/", "refsource": "MISC", "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"}, {"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555523", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555523"}, {"name": "openSUSE-SU-2019:1811", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"}, {"name": "openSUSE-SU-2019:1813", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"}, {"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"}, {"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"}, {"name": "GLSA-201908-12", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-12"}, {"name": "GLSA-201908-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201908-20"}, {"name": "openSUSE-SU-2019:1990", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"}, {"name": "openSUSE-SU-2019:2248", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"}, {"name": "openSUSE-SU-2019:2249", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T23:03:32.562Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555523"}, {"name": "openSUSE-SU-2019:1811", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"}, {"name": "openSUSE-SU-2019:1813", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"}, {"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"}, {"name": "[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"}, {"name": "GLSA-201908-12", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201908-12"}, {"name": "GLSA-201908-20", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201908-20"}, {"name": "openSUSE-SU-2019:1990", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"}, {"name": "openSUSE-SU-2019:2248", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"}, {"name": "openSUSE-SU-2019:2249", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2019-11715", "datePublished": "2019-07-23T13:18:29", "dateReserved": "2019-05-03T00:00:00", "dateUpdated": "2024-08-04T23:03:32.562Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "BB53FE62-B5D2-497B-A7E3-40FFE81A9653", "versionEndExcluding": "68.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "B14D1A72-1C76-4DF2-87AC-466428CB5583", "versionEndExcluding": "60.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BD4F2C0-0E41-48C3-8D97-8AA9016D738B", "versionEndExcluding": "60.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."}, {"lang": "es", "value": "Debido a un error mientras se analiza el contenido de p\u00e1gina, es posible que las entradas de los usuarios debidamente saneadas sean interpretadas inapropiadamente y conlleven a riesgos de tipo XSS peligrosos en los sitios web en determinadas circunstancias. Esta vulnerabilidad afecta a Firefox ESR anterior a versi\u00f3n 60.8, Firefox anterior a versi\u00f3n 68 y Thunderbird anterior a versi\u00f3n 60.8."}], "id": "CVE-2019-11715", "lastModified": "2019-07-29T16:15:11.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-23T14:15:15.810", "references": [{"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"}, {"source": "security@mozilla.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"}, {"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1555523"}, {"source": "security@mozilla.org", "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"}, {"source": "security@mozilla.org", "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201908-12"}, {"source": "security@mozilla.org", "url": "https://security.gentoo.org/glsa/201908-20"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-21/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-22/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2019-23/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Linus S\u00e4rud as the original reporter.", "affected_release": [{"advisory": "RHSA-2019:1765", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:60.8.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-07-11T00:00:00Z"}, {"advisory": "RHSA-2019:1777", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:60.8.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-07-15T00:00:00Z"}, {"advisory": "RHSA-2019:1763", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:60.8.0-1.el7_6", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-07-11T00:00:00Z"}, {"advisory": "RHSA-2019:1775", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:60.8.0-1.el7_6", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-07-15T00:00:00Z"}, {"advisory": "RHSA-2019:1764", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:60.8.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-07-11T00:00:00Z"}, {"advisory": "RHSA-2019:1799", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:60.8.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-07-16T00:00:00Z"}], "bugzilla": {"description": "Mozilla: HTML parsing error can contribute to content XSS", "id": "1728434", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728434"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-79", "details": ["Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."], "name": "CVE-2019-11715", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2019-07-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-11715\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11715\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11715"], "threat_severity": "Moderate"}