Cross-site Scripting (XSS) Affecting thunderbird package, versions <1:68.4.1-1
- Snyk ID SNYK-DEBIANUNSTABLE-THUNDERBIRD-541506
- published 7 Jan 2020
- disclosed 8 Jan 2020
Introduced: 7 Jan 2020
CVE-2019-17016
How to fix?
Upgrade Debian:unstable thunderbird to version 1:68.4.1-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream thunderbird package and not the thunderbird package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.
When pasting a <style> tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72.