Allele Security Alert
ASA-2019-00441
Identifier(s)
ASA-2019-00441, CVE-2019-11720, MFSA2019-21
Title
Character encoding XSS vulnerability
Vendor(s)
Mozilla
Product(s)
Mozilla Firefox
Affected version(s)
Mozilla Firefox versions before 68
Fixed version(s)
Mozilla Firefox version 68
Proof of concept
Unknown
Description
Some Unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering.
Technical details
Unknown
Credits
Rakesh Mane
Reference(s)
Mozilla Foundation Security Advisory 2019-21
https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11720
Bug 1556230
https://bugzilla.mozilla.org/show_bug.cgi?id=1556230
CVE-2019-11720
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11720
CVE-2019-11720
https://nvd.nist.gov/vuln/detail/CVE-2019-11720
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: July 17, 2019