Main Vulnerability Database Vulnerabilities #VU24058

Improperly implemented security check for standard in Mozilla Firefox - CVE-2019-17020

Published: January 7, 2020 / Updated: January 8, 2020

Vulnerability identifier: #VU24058

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-17020

CWE-ID: CWE-358

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mozilla

Affected software:
Mozilla Firefox

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to incorrect implementation of Content Security Policy that is not enforced for XSL stylesheets applied to XML documents. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document.

Successful exploitation of the vulnerability may allow an attacker to bypass security restrictions that rely on Content Security Policy and perform dangerous actions.

How to mitigate CVE-2019-17020

Install updates from vendor's website.

Sources

https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/

Improperly implemented security check for standard in Mozilla Firefox - CVE-2019-17020

Detailed vulnerability description

How to mitigate CVE-2019-17020

Sources

Please verify you're human