SB2020010951 - Improperly implemented security check for standard in firefox (Alpine package)

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020010951

SB2020010951 - Improperly implemented security check for standard in firefox (Alpine package)

Published: January 9, 2020

Security Bulletin ID SB2020010951
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Improperly implemented security check for standard (CVE-ID: CVE-2019-17020)

CWE-ID: CWE-358 - Improperly Implemented Security Check for Standard

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect implementation of Content Security Policy that is not enforced for XSL stylesheets applied to XML documents. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document.

Successful exploitation of the vulnerability may allow an attacker to bypass security restrictions that rely on Content Security Policy and perform dangerous actions.


Remediation

Install update from vendor's website.

References