Количество 18
Количество 18
CVE-2019-17022
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
CVE-2019-17022
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
CVE-2019-17022
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
CVE-2019-17022
When pasting a <style> tag from the clipboard into a rich text e ...
GHSA-wgfq-5c99-wv2w
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.
BDU:2020-01455
Уязвимость браузеров Firefox, Firefox ESR, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных
ELSA-2020-0127
ELSA-2020-0127: thunderbird security update (IMPORTANT)
ELSA-2020-0123
ELSA-2020-0123: thunderbird security update (IMPORTANT)
ELSA-2020-0120
ELSA-2020-0120: thunderbird security update (IMPORTANT)
ELSA-2020-0111
ELSA-2020-0111: firefox security update (CRITICAL)
ELSA-2020-0086
ELSA-2020-0086: firefox security update (CRITICAL)
ELSA-2020-0085
ELSA-2020-0085: firefox security update (CRITICAL)
openSUSE-SU-2020:0094-1
Security update for MozillaThunderbird
openSUSE-SU-2020:0060-1
Security update for MozillaFirefox
SUSE-SU-2020:14268-1
Security update for MozillaFirefox
SUSE-SU-2020:0142-1
Security update for MozillaThunderbird
SUSE-SU-2020:0078-1
Security update for MozillaFirefox
SUSE-SU-2020:0068-1
Security update for MozillaFirefox
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2019-17022 When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | CVSS3: 6.1 | 5% Низкий | около 6 лет назад |
 | CVE-2019-17022 When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | CVSS3: 6.1 | 5% Низкий | около 6 лет назад |
 | CVE-2019-17022 When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | CVSS3: 6.1 | 5% Низкий | около 6 лет назад |
| CVE-2019-17022 When pasting a <style> tag from the clipboard into a rich text e ... | CVSS3: 6.1 | 5% Низкий | около 6 лет назад |
| GHSA-wgfq-5c99-wv2w When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer does not escape < and > characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently copies the node's innerHTML, assigning it to another innerHTML, this would result in an XSS vulnerability. Two WYSIWYG editors were identified with this behavior, more may exist. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | 5% Низкий | больше 3 лет назад | |
 | BDU:2020-01455 Уязвимость браузеров Firefox, Firefox ESR, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю оказать воздействие на целостность данных | CVSS3: 6.1 | 5% Низкий | около 6 лет назад |
| ELSA-2020-0127 ELSA-2020-0127: thunderbird security update (IMPORTANT) | около 6 лет назад | ||
| ELSA-2020-0123 ELSA-2020-0123: thunderbird security update (IMPORTANT) | больше 5 лет назад | ||
| ELSA-2020-0120 ELSA-2020-0120: thunderbird security update (IMPORTANT) | около 6 лет назад | ||
| ELSA-2020-0111 ELSA-2020-0111: firefox security update (CRITICAL) | около 6 лет назад | ||
| ELSA-2020-0086 ELSA-2020-0086: firefox security update (CRITICAL) | больше 5 лет назад | ||
| ELSA-2020-0085 ELSA-2020-0085: firefox security update (CRITICAL) | около 6 лет назад | ||
 | openSUSE-SU-2020:0094-1 Security update for MozillaThunderbird | около 6 лет назад | ||
| openSUSE-SU-2020:0060-1 Security update for MozillaFirefox | около 6 лет назад | ||
| SUSE-SU-2020:14268-1 Security update for MozillaFirefox | около 6 лет назад | ||
| SUSE-SU-2020:0142-1 Security update for MozillaThunderbird | около 6 лет назад | ||
| SUSE-SU-2020:0078-1 Security update for MozillaFirefox | около 6 лет назад | ||
| SUSE-SU-2020:0068-1 Security update for MozillaFirefox | около 6 лет назад |
Уязвимостей на страницу