vulnerability

MFSA2020-01 Firefox: Security Vulnerabilities fixed in Firefox 72 (CVE-2019-17020)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jan 7, 2020

Added

Jan 8, 2020

Modified

Mar 27, 2026

Description

If an XML file is served with a Content Security Policy and the XML file includes an XSL stylesheet, the Content Security Policy will not be applied to the contents of the XSL stylesheet. If the XSL sheet e.g. includes JavaScript, it would bypass any of the restrictions of the Content Security Policy applied to the XML document. This vulnerability affects Firefox < 72.

Solution

mozilla-firefox-upgrade-72_0

References

CVE-2019-17020
https://attackerkb.com/topics/CVE-2019-17020
CWE-611
EUVD-EUVD-2019-7494
http://www.mozilla.org/security/announce/2020/mfsa2020-01.html
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-7494

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report