ByteOS Network

NVD Vulnerability Details :

CVE-2019-17020

Analyzed

Source-security@mozilla.org

Published At-08 Jan, 2020 | 22:15

Updated At-21 Jul, 2021 | 11:39

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-611	Primary	nvd@nist.gov

CWE ID: CWE-611

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://bugzilla.mozilla.org/show_bug.cgi?id=1597645	security@mozilla.org	Permissions Required
https://usn.ubuntu.com/4234-1/	security@mozilla.org	Third Party Advisory
https://www.mozilla.org/security/advisories/mfsa2020-01/	security@mozilla.org	Vendor Advisory

Hyperlink: https://bugzilla.mozilla.org/show_bug.cgi?id=1597645

Source: security@mozilla.org

Resource:

Permissions Required

Hyperlink: https://usn.ubuntu.com/4234-1/

Source: security@mozilla.org

Resource:

Third Party Advisory

Hyperlink: https://www.mozilla.org/security/advisories/mfsa2020-01/

Source: security@mozilla.org

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History