{"api_version":"1","generated_at":"2026-04-23T04:33:55+00:00","cve":"CVE-2019-11715","urls":{"html":"https://cve.report/CVE-2019-11715","api":"https://cve.report/api/cve/CVE-2019-11715.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-11715","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-11715"},"summary":{"title":"CVE-2019-11715","description":"Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.","state":"PUBLIC","assigner":"security@mozilla.org","published_at":"2019-07-23 14:15:00","updated_at":"2019-07-29 16:15:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://www.mozilla.org/security/advisories/mfsa2019-21/","name":"https://www.mozilla.org/security/advisories/mfsa2019-21/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security vulnerabilities fixed in Firefox 68 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html","name":"openSUSE-SU-2019:1990","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:1990-1: moderate: Security update f","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/201908-12","name":"GLSA-201908-12","refsource":"GENTOO","tags":[],"title":"Mozilla Firefox: Multiple vulnerabilities (GLSA 201908-12) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html","name":"[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1870-1] thunderbird security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html","name":"openSUSE-SU-2019:1813","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:1813-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html","name":"openSUSE-SU-2019:1811","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:1811-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html","name":"openSUSE-SU-2019:2249","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:2249-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-22/","name":"https://www.mozilla.org/security/advisories/mfsa2019-22/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security vulnerabilities fixed in Firefox ESR 60.8 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-23/","name":"https://www.mozilla.org/security/advisories/mfsa2019-23/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Security vulnerabilities fixed in Thunderbird 60.8 — Mozilla","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1555523","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1555523","refsource":"MISC","tags":["Issue Tracking","Permissions Required","Vendor Advisory"],"title":"1555523 - (CVE-2019-11715) Incorrect parsing of style tag leads to XSS if HTML+CSS is allowed but no JS","mime":"text/html","httpstatus":"200","archivestatus":"429"},{"url":"https://security.gentoo.org/glsa/201908-20","name":"GLSA-201908-20","refsource":"GENTOO","tags":[],"title":"Mozilla Thunderbird: Multiple vulnerabilities (GLSA 201908-20) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html","name":"[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 1869-1] firefox-esr security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html","name":"openSUSE-SU-2019:2248","refsource":"SUSE","tags":[],"title":"[security-announce] openSUSE-SU-2019:2248-1: important: Security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-11715","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11715","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"11715","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11715","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11715","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11715","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"firefox_esr","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11715","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"11715","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mozilla","cpe5":"thunderbird","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-11715","qid":"296081","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 12.5.0 Missing (CPUJUL2019)"},{"cve":"CVE-2019-11715","qid":"378138","title":"Virtuozzo Linux Security Update for firefox (VZLSA-2019:1763)"},{"cve":"CVE-2019-11715","qid":"500919","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2019-11715","qid":"504784","title":"Alpine Linux Security Update for firefox-esr"},{"cve":"CVE-2019-11715","qid":"710140","title":"Gentoo Linux Mozilla Thunderbird Multiple vulnerabilities (GLSA 201908-20)"},{"cve":"CVE-2019-11715","qid":"710148","title":"Gentoo Linux Mozilla Firefox Multiple vulnerabilities (GLSA 201908-12)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2019-11715","ASSIGNER":"security@mozilla.org","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Mozilla","product":{"product_data":[{"product_name":"Firefox ESR","version":{"version_data":[{"version_value":"60.8","version_affected":"<"}]}},{"product_name":"Firefox","version":{"version_data":[{"version_value":"68","version_affected":"<"}]}},{"product_name":"Thunderbird","version":{"version_data":[{"version_value":"60.8","version_affected":"<"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"HTML parsing error can contribute to content XSS"}]}]},"references":{"reference_data":[{"url":"https://www.mozilla.org/security/advisories/mfsa2019-21/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2019-21/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-22/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2019-22/"},{"url":"https://www.mozilla.org/security/advisories/mfsa2019-23/","refsource":"MISC","name":"https://www.mozilla.org/security/advisories/mfsa2019-23/"},{"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1555523","refsource":"MISC","name":"https://bugzilla.mozilla.org/show_bug.cgi?id=1555523"},{"refsource":"SUSE","name":"openSUSE-SU-2019:1811","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00055.html"},{"refsource":"SUSE","name":"openSUSE-SU-2019:1813","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00058.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20190802 [SECURITY] [DLA 1869-1] firefox-esr security update","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00001.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20190802 [SECURITY] [DLA 1870-1] thunderbird security update","url":"https://lists.debian.org/debian-lts-announce/2019/08/msg00002.html"},{"refsource":"GENTOO","name":"GLSA-201908-12","url":"https://security.gentoo.org/glsa/201908-12"},{"refsource":"GENTOO","name":"GLSA-201908-20","url":"https://security.gentoo.org/glsa/201908-20"},{"refsource":"SUSE","name":"openSUSE-SU-2019:1990","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00073.html"},{"refsource":"SUSE","name":"openSUSE-SU-2019:2248","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"},{"refsource":"SUSE","name":"openSUSE-SU-2019:2249","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"}]},"description":{"description_data":[{"lang":"eng","value":"Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8."}]}},"nvd":{"publishedDate":"2019-07-23 14:15:00","lastModifiedDate":"2019-07-29 16:15:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","versionEndExcluding":"68.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*","versionEndExcluding":"60.8.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","versionEndExcluding":"60.8.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"11715","Ordinal":"150037","Title":"CVE-2019-11715","CVE":"CVE-2019-11715","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"11715","Ordinal":"1","NoteData":"Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"11715","Ordinal":"2","NoteData":"2019-07-23","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"11715","Ordinal":"3","NoteData":"2019-10-04","Type":"Other","Title":"Modified"}]}}}