Home > Vulnerability Database > CVE-2019-17020

Mend.io Vulnerability Database

CVE-2019-17020

Good to know:

Date: January 8, 2020

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72.

Severity Score

6.5

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-17020

Url: https://www.mozilla.org/security/advisories/mfsa2020-01/

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1597645

Url: https://usn.ubuntu.com/4234-1/

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2019-17020

Url: https://www.mend.io/vulnerability-database/CVE-2019-17020

Severity Score

6.5

Weakness Type (CWE)

Improper Restriction of XML External Entity Reference

CWE-611

Improper Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version firefox - 72.0-1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-17020

Good to know:

Date: January 8, 2020

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?