CVE-2019-11720: XSS
Some Unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering.
Frequently Asked Questions
What is CVE-2019-11720?
CVE-2019-11720 is a vulnerability that allows malicious code to be processed in web content, evading cross-site scripting (XSS) filtering.
Which software is affected by CVE-2019-11720?
CVE-2019-11720 affects Mozilla Firefox versions up to and excluding version 68, as well as Mozilla Thunderbird, openSUSE Leap 15.0, and openSUSE Leap 15.1.
What is the severity of CVE-2019-11720?
The severity of CVE-2019-11720 is medium, with a CVSS score of 6.1.
How does CVE-2019-11720 work?
In affected software, some Unicode characters are incorrectly treated as whitespace during web content parsing, allowing malicious code to evade XSS filtering.
How can I fix CVE-2019-11720?
To fix CVE-2019-11720, update Mozilla Firefox or Mozilla Thunderbird to version 68 or above.