Lucene search

5743 matches found

OSV
added 2020/01/08 10:15 p.m., 6 views

CVE-2019-17016

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

6.1 CVSS, 8.2 AI score
Exploits: 0, References: 25

UbuntuCve
added 2020/01/08 10:15 p.m., 44 views

CVE-2019-17016

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

6.1 CVSS, 6.9 AI score, 0.01988 EPSS
Exploits: 0, References: 10

Prion
added 2020/01/08 10:15 p.m., 26 views

Design/Logic Flaw

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

4.3 CVSS, 6.4 AI score, 0.01988 EPSS
Exploits: 0, References: 25, Affected Software: 9

UbuntuCve
added 2020/01/08 10:15 p.m., 35 views

CVE-2019-17022

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS, 6.9 AI score, 0.01988 EPSS
Exploits: 0, References: 10

OSV
added 2020/01/08 10:15 p.m., 0 views

UBUNTU-CVE-2019-17016

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

6.1 CVSS, 7.3 AI score, 0.01988 EPSS
Exploits: 0, References: 11

Prion
added 2020/01/08 10:15 p.m., 23 views

Design/Logic Flaw

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

4.3 CVSS, 6.5 AI score, 0.01988 EPSS
Exploits: 0, References: 25, Affected Software: 9

OSV
added 2020/01/08 10:15 p.m., 0 views

UBUNTU-CVE-2019-17022

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS, 7.3 AI score, 0.01988 EPSS
Exploits: 0, References: 11

Cvelist
added 2020/01/08 9:30 p.m., 19 views

CVE-2019-17022

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

7 AI score, 0.01988 EPSS
Exploits: 0, References: 25

CVE
added 2020/01/08 9:30 p.m., 273 views

CVE-2019-17022

CVE-2019-17022 affects Thunderbird (and Firefox ESR/Firefox) where pasting a tag bypasses CSS sanitization by not escaping characters, potentially enabling XSS when innerHTML is later copied back. Connected advisories indicate vulnerable versions include Thunderbird up to 68.4.x and Firefox ESR...

6.1 CVSS, 6.8 AI score, 0.01988 EPSS
Exploits: 0, References: 25, Affected Software: 2

AlpineLinux
added 2020/01/08 9:30 p.m., 57 views

CVE-2019-17022

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS, 7.2 AI score, 0.01988 EPSS
Exploits: 0

Cvelist
added 2020/01/08 9:27 p.m., 22 views

CVE-2019-17016

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

7 AI score, 0.01988 EPSS
Exploits: 0, References: 25

CVE
added 2020/01/08 9:27 p.m., 283 views

CVE-2019-17016

CVE-2019-17016 describes a bypass of the CSS sanitizer for pasted rules, due to incorrect rewriting of a @namespace rule, enabling potential data exposure. Affected products include Thunderbird and Firefox releases prior to versions 68.4.1/72.x respectively (Thunderbird before 68.4.1; Firefox ES...

6.1 CVSS, 6.8 AI score, 0.01988 EPSS
Exploits: 0, References: 25, Affected Software: 2

AlpineLinux
added 2020/01/08 9:27 p.m., 39 views

CVE-2019-17016

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

6.1 CVSS, 7.2 AI score, 0.01988 EPSS
Exploits: 0

Debian CVE
added 2020/01/08 9:27 p.m., 36 views

CVE-2019-17016

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR 68.4 and Firefox 72...

6.1 CVSS, 8.4 AI score, 0.01988 EPSS
Exploits: 0

ALT Linux
added 2020/01/08 12:0 a.m., 25 views

Security fix for the ALT Linux 10 package firefox-esr version 68.4.1-alt1

Jan. 8, 2020 Andrey Cherepanov 68.4.1-alt1
- New ESR version 68.4.1.
- Fixed:
  + CVE-2019-17015 Memory corruption in parent process during new content process initialization on Windows
  + CVE-2019-17016 Bypass of @namespace CSS sanitization during pasting
  + CVE-2019-17017 Type Confusion in...

6.8 CVSS, 7.9 AI score, 0.02489 EPSS
Exploits: 2

Tenable Nessus
added 2020/01/08 12:0 a.m., 37 views

Mozilla Firefox < 72.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 72.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-01 advisory. - Mozilla developers Karl Tomlinson, Jason Kratzer, Tyson Smith, Jon Coppeard, and Christian Holler reported...

8.8 CVSS, 7.9 AI score, 0.02489 EPSS
Exploits: 2, References: 12

Tenable Nessus
added 2020/01/08 12:0 a.m., 245 views

Mozilla Firefox ESR < 68.4

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 68.4. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2020-02 advisory. - Mozilla developers Jason Kratzer, Christian Holler, and Bob Clary reported memory safety bugs present in...

8.8 CVSS, 7.9 AI score, 0.02489 EPSS
Exploits: 2, References: 7

OpenVAS
added 2020/01/08 12:0 a.m., 43 views

Mozilla Firefox Security Advisories (MFSA2020-01, MFSA2020-02) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

8.8 CVSS, 7.4 AI score, 0.02489 EPSS
Exploits: 1, References: 1

OpenVAS
added 2020/01/08 12:0 a.m., 39 views

Mozilla Firefox Security Advisories (MFSA2020-01, MFSA2020-02) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

8.8 CVSS, 7.4 AI score, 0.02489 EPSS
Exploits: 2, References: 1

RedhatCVE
added 2020/01/07 11:9 p.m., 48 views

CVE-2019-17022

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

6.1 CVSS, 0.4 AI score, 0.01988 EPSS
Exploits: 0, References: 4