Vulnerability CVE-2019-11763: Information

Description

Failure to correctly handle null bytes when processing HTML entities resulted in Firefox incorrectly parsing these entities. This could have led to HTML comment text being treated as HTML which could have led to XSS in a web application under certain conditions. It could have also led to HTML entities being masked from filters - enabling the use of entities to mask the actual characters of interest from filters. This vulnerability affects Firefox < 70, Thunderbird < 68.2, and Firefox ESR < 68.2.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-11763

Published: Jan. 8, 2020

Modified: Feb. 3, 2023

Error type identifier: CWE-79

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
firefox	sisyphus	70.0.1-alt1	126.0.1-alt1	ALT-PU-2019-3087-1	240250	Fixed
firefox	p10	70.0.1-alt1	118.0.2-alt0.p10.1	ALT-PU-2019-3087-1	240250	Fixed
firefox	p9	72.0.2-alt0.1.p9	105.0.1-alt0.c9.1	ALT-PU-2020-1617-1	245893	Fixed
firefox	c10f1	70.0.1-alt1	112.0.2-alt0.p10.1	ALT-PU-2019-3087-1	240250	Fixed
firefox	c9f2	72.0.2-alt0.1.p9	105.0.1-alt0.c9.1	ALT-PU-2020-1617-1	245893	Fixed
firefox	p11	70.0.1-alt1	126.0.1-alt1	ALT-PU-2019-3087-1	240250	Fixed
firefox-esr	sisyphus	68.2.0-alt1	115.11.0-alt1	ALT-PU-2019-3056-1	239816	Fixed
firefox-esr	p10	68.2.0-alt1	115.11.0-alt1	ALT-PU-2019-3056-1	239816	Fixed
firefox-esr	p9	68.2.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2019-3106-1	240257	Fixed
firefox-esr	p8	68.2.0-alt0.M80P.1	68.4.1-alt0.M80P.1	ALT-PU-2019-3218-1	242089	Fixed
firefox-esr	c10f1	68.2.0-alt1	115.9.1-alt0.c10.1	ALT-PU-2019-3056-1	239816	Fixed
firefox-esr	c9f2	78.7.1-alt0.1.c9	102.12.0-alt0.c9.1	ALT-PU-2021-1368-1	264611	Fixed
firefox-esr	p11	68.2.0-alt1	115.11.0-alt1	ALT-PU-2019-3056-1	239816	Fixed
thunderbird	sisyphus	68.4.2-alt1	115.9.0-alt1	ALT-PU-2020-1166-1	243898	Fixed
thunderbird	p10	68.4.2-alt1	115.9.0-alt1	ALT-PU-2020-1166-1	243898	Fixed
thunderbird	p9	68.6.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2020-1515-1	245787	Fixed
thunderbird	c10f1	68.4.2-alt1	115.9.0-alt0.c10.1	ALT-PU-2020-1166-1	243898	Fixed
thunderbird	c9f2	68.6.0-alt1	102.11.0-alt0.c9.1	ALT-PU-2020-1515-1	245787	Fixed
thunderbird	p11	68.4.2-alt1	115.9.0-alt1	ALT-PU-2020-1166-1	243898	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.mozilla.org/security/advisories/mfsa2019-35/	Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=1584216	Issue Tracking Permissions Required
https://www.mozilla.org/security/advisories/mfsa2019-34/	Vendor Advisory
https://www.mozilla.org/security/advisories/mfsa2019-33/	Vendor Advisory
GLSA-202003-10	Third Party Advisory
USN-4335-1	Third Party Advisory

Affected configurations:
1. Configuration 1
  cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
  End excliding
  68.2
  cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
  End excliding
  68.2
  cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
  End excliding
  70.0
  
  Configuration 2
  cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Version: v24.5.3

Vulnerability CVE-2019-11763: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2