1. Home
  2. Vulnerabilities
  3. CVE-2019-17020

CVE-2019-17020

CVSS v3.1 6.5 (Medium)
65% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.17 % (55th)
0.17% Progress
Affected Products 2
Advisories 4
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72.

Weaknesses
CWE-611
Improper Restriction of XML External Entity Reference
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2020-01-08 22:15:12
(4 years ago)
Updated Date
2021-07-21 11:39:23
(3 years ago)

Affected Products

Canonical

Mozilla

Configuration #1

    CPE23 From Up To
  Mozilla Firefox prior 72.0 version cpe:2.3:a:mozilla:firefox < 72.0

Configuration #2

    CPE23 From Up To
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 19.04 cpe:2.3:o:canonical:ubuntu_linux:19.04
  Canonical Ubuntu Linux 19.10 cpe:2.3:o:canonical:ubuntu_linux:19.10