Mozilla is vulnerable to cross-site scripting (XSS). It does not handle the parameters provided through title
and textarea
elements using innerHTML, allowing an attacker to inject arbitrary scripts through it.
lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html
lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html
lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html
lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html
access.redhat.com/errata/RHSA-2019:2694
access.redhat.com/security/updates/classification/#critical
bugzilla.mozilla.org/show_bug.cgi?id=1562033
usn.ubuntu.com/4150-1/
www.mozilla.org/en-US/security/advisories/mfsa2019-27/
www.mozilla.org/security/advisories/mfsa2019-25/
www.mozilla.org/security/advisories/mfsa2019-26/
www.mozilla.org/security/advisories/mfsa2019-27/
www.mozilla.org/security/advisories/mfsa2019-29/
www.mozilla.org/security/advisories/mfsa2019-30/