77 matches found

RedHat Linux
added 2020/01/14 6:46 p.m., 4 views

Mozilla: CSS sanitization does not escape HTML tags

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

CVSS 6.1, AI score 7.3, EPSS 0.01995
Exploits 0, References 5

Cent OS
added 2020/01/14 5:25 p.m., 95 views

firefox security update

CentOS Errata and Security Advisory CESA-2020:0086 An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

CVSS 8.8, AI score 7.2, EPSS 0.46589
Exploits 8, References 7

OpenVAS
added 2020/01/14 12:0 a.m., 39 views

Mozilla Thunderbird Security Advisory (MFSA2020-04) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 8.8, AI score 7.7, EPSS 0.46589
Exploits 9, References 3

OpenVAS
added 2020/01/14 12:0 a.m., 304 views

Mozilla Thunderbird Security Advisory (MFSA2020-04) - Mac OS X

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

CVSS 8.8, AI score 7.7, EPSS 0.46589
Exploits 9, References 3

RedHat Linux
added 2020/01/13 2:52 p.m., 102 views

Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.8, AI score 7.2, EPSS 0.46589
Exploits 8, References 7

OSV
added 2020/01/13 9:26 a.m., 8 views

SUSE-SU-2020:0078-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR Fixed: Security fix MFSA 2020-03 bsc1160498 CVE-2019-17026 bmo1607443 IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR Fixe...

CVSS 8.8, AI score 8.5, EPSS 0.46589
Exploits 9, References 10

Tenable Nessus
added 2020/01/13 12:0 a.m., 33 views

SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0068-1)

This update for MozillaFirefox fixes the following issues : Firefox Extended Support Release 68.4.1 ESR - Fixed: Security fix MFSA 2020-03 bsc1160498 - CVE-2019-17026 bmo1607443 IonMonkey type confusion with StoreElementHole and FallibleStoreElement Firefox Extended Support Release 68.4.0 ESR -...

CVSS 8.8, AI score 8, EPSS 0.46589
Exploits 9, References 17

Mageia
added 2020/01/11 11:52 p.m., 43 views

Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Bypass of @namespace CSS sanitization during pasting CVE-2019-17016 Type Confusion in XPCVariant.cpp CVE-2019-17017 CSS sanitization does not escape HTML tags CVE-2019-17022 Memory safety bugs fixed in Thunderbird 68.4.1 CVE-2019-17024...

CVSS 8.8, AI score 1.8, EPSS 0.46589
Exploits 8, References 4

OSV
added 2020/01/11 11:52 p.m., 7 views

MGASA-2020-0034 Updated thunderbird packages fix security vulnerabilities

Updated thunderbird packages fix security vulnerabilities: Bypass of @namespace CSS sanitization during pasting CVE-2019-17016 Type Confusion in XPCVariant.cpp CVE-2019-17017 CSS sanitization does not escape HTML tags CVE-2019-17022 Memory safety bugs fixed in Thunderbird 68.4.1 CVE-2019-17024...

CVSS 8.8, AI score 8.1, EPSS 0.46589
Exploits 8, References 5

OSV
added 2020/01/10 1:24 p.m., 6 views

SUSE-SU-2020:14268-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR Fixed: Security fix MFSA 2020-03 bsc1160498 CVE-2019-17026 bmo1607443 IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR Fixe...

CVSS 8.8, AI score 8.5, EPSS 0.46589
Exploits 9, References 10

OSV
added 2020/01/10 11:4 a.m., 8 views

SUSE-SU-2020:0068-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 68.4.1 ESR Fixed: Security fix MFSA 2020-03 bsc1160498 CVE-2019-17026 bmo1607443 IonMonkey type confusion with StoreElementHole and FallibleStoreElement - Firefox Extended Support Release 68.4.0 ESR Fixe...

CVSS 8.8, AI score 8.5, EPSS 0.46589
Exploits 9, References 10

Kaspersky
added 2020/01/10 12:0 a.m., 59 views

KLA11635 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, execute arbitrary code, perform cross-site scripting attack, bypass security restrictions. Below is a complete list of...

CVSS 8.8, AI score 9.5, EPSS 0.46589
Exploits 9, References 4

OpenVAS
added 2020/01/08 12:0 a.m., 39 views

Mozilla Firefox Security Advisories (MFSA2020-01, MFSA2020-02) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

CVSS 8.8, AI score 7.4, EPSS 0.02498
Exploits 2, References 1

ALT Linux
added 2020/01/08 12:0 a.m., 25 views

Security fix for the ALT Linux 10 package firefox-esr version 68.4.1-alt1

Jan. 8, 2020 Andrey Cherepanov 68.4.1-alt1 - New ESR version 68.4.1. - Fixed: + CVE-2019-17015 Memory corruption in parent process during new content process initialization on Windows + CVE-2019-17016 Bypass of @namespace CSS sanitization during pasting + CVE-2019-17017 Type Confusion in...

CVSS 6.8, AI score 7.9, EPSS 0.02498
Exploits 2

Kaspersky
added 2020/01/07 12:0 a.m., 42 views

KLA11629 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, bypass security restrictions, perform cross-site scripting attack. Below is a complete list of...

CVSS 8.8, AI score 9.4, EPSS 0.02498
Exploits 2, References 3

RedHat Linux
added 2014/11/17 5:8 p.m., 5 views

rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css

A cross-site scripting XSS flaw was found in Action Pack. A remote attacker could use this flaw to conduct XSS attacks against users of an application using Action Pack...

CVSS 4.3, AI score 7, EPSS 0.02618
Exploits 1, References 4

RubySec
added 2013/03/19 12:0 a.m., 33 views

CVE-2013-1855 rubygem-actionpack: css_sanitization: XSS vulnerability in sanitize_css

The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n newline characters, which makes it easier for remote attackers to...

CVSS 4.3, AI score 2.2, EPSS 0.02618
Exploits 1, References 1, Affected Software 1