When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2020-01-08T21:27:03
Updated: 2024-08-05T01:24:48.588Z
Reserved: 2019-09-30T00:00:00
Link: CVE-2019-17016
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-01-08T22:15:12.277
Modified: 2020-01-13T20:15:12.030
Link: CVE-2019-17016
Redhat