vulnerability
FreeBSD: VID-05463e0a-abd3-4fa4-bd5f-cd5ed132d4c6 (CVE-2019-11744): mozilla -- multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Sep 3, 2019 | Sep 4, 2019 | Jun 15, 2026 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Sep 3, 2019
Added
Sep 4, 2019
Modified
Jun 15, 2026
Description
Some HTML elements, such as andlt;titleandgt; and andlt;textareaandgt;, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox less than 69, Thunderbird less than 68.1, Thunderbird less than 60.9, Firefox ESR less than 60.9, and Firefox ESR less than 68.1.
Solutions
freebsd-upgrade-package-firefoxfreebsd-upgrade-package-waterfoxfreebsd-upgrade-package-seamonkeyfreebsd-upgrade-package-linux-seamonkeyfreebsd-upgrade-package-firefox-esrfreebsd-upgrade-package-linux-firefoxfreebsd-upgrade-package-libxulfreebsd-upgrade-package-thunderbirdfreebsd-upgrade-package-linux-thunderbird
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.