When pasting a &lt;style&gt; tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mozilla

Published: 2020-01-08T21:27:03

Updated: 2024-08-05T01:24:48.588Z

Reserved: 2019-09-30T00:00:00

Link: CVE-2019-17016

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-01-08T22:15:12.277

Modified: 2020-01-13T20:15:12.030

Link: CVE-2019-17016

cve-icon Redhat

Severity : Important

Publid Date: 2020-01-07T00:00:00Z

Links: CVE-2019-17016 - Bugzilla