6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
51.6%
Failure to correctly handle null bytes when processing HTML entities
resulted in Firefox incorrectly parsing these entities. This could have led
to HTML comment text being treated as HTML which could have led to XSS in a
web application under certain conditions. It could have also led to HTML
entities being masked from filters - enabling the use of entities to mask
the actual characters of interest from filters. This vulnerability affects
Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.
Author | Note |
---|---|
tyhicks | mozjs contains a copy of the SpiderMonkey JavaScript engine |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | firefox | < 70.0+build2-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 19.04 | noarch | firefox | < 70.0+build2-0ubuntu0.19.04.1 | UNKNOWN |
ubuntu | 19.10 | noarch | firefox | < 70.0+build2-0ubuntu0.19.10.1 | UNKNOWN |
ubuntu | 20.04 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 20.10 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 21.04 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 21.10 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 22.04 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 22.10 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
ubuntu | 23.04 | noarch | firefox | < 70.0+build2-0ubuntu1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2019-11763
nvd.nist.gov/vuln/detail/CVE-2019-11763
security-tracker.debian.org/tracker/CVE-2019-11763
ubuntu.com/security/notices/USN-4165-1
ubuntu.com/security/notices/USN-4202-1
ubuntu.com/security/notices/USN-4335-1
www.cve.org/CVERecord?id=CVE-2019-11763
www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
51.6%