CVE-2019-11715

MEDIUM

Firefox ESR < 60.8 - Firefox < 68 - Thunderbird < 60.8 - XSS

Title source: llm
STIX 2.1

Description

Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.

References (13)

Core 13
Core References
Issue Tracking, Permissions Required, Vendor Advisory x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=1555523
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html
Mailing List mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201908-12
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201908-20

Scores

CVSS v3 6.1
EPSS 0.0063
EPSS Percentile 70.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
mozilla/firefox < 60.8.0
mozilla/thunderbird < 60.8.0
Published Jul 23, 2019
Tracked Since Feb 18, 2026