SB2020010951 - Improperly implemented security check for standard in firefox (Alpine package)

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020010951

SB2020010951 - Improperly implemented security check for standard in firefox (Alpine package)

Published: January 9, 2020

Security Bulletin ID SB2020010951
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Improperly implemented security check for standard (CVE-ID: CVE-2019-17020)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect implementation of Content Security Policy that is not enforced for XSL stylesheets applied to XML documents. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document.

Successful exploitation of the vulnerability may allow an attacker to bypass security restrictions that rely on Content Security Policy and perform dangerous actions.


Remediation

Install update from vendor's website.

References