{"id":"CVE-2019-11744","details":"Some HTML elements, such as <title> and <textarea>, can contain literal angle brackets without treating them as markup. It is possible to pass a literal closing tag to .innerHTML on these elements, and subsequent content after that will be parsed as if it were outside the tag. This can lead to XSS if a site does not filter user input as strictly for these elements as it does for other elements. This vulnerability affects Firefox \u003c 69, Thunderbird \u003c 68.1, Thunderbird \u003c 60.9, Firefox ESR \u003c 60.9, and Firefox ESR \u003c 68.1.","modified":"2026-03-15T22:29:13.752235Z","published":"2019-09-27T18:15:12.130Z","related":["MGASA-2019-0267","MGASA-2019-0268","MGASA-2019-0275","MGASA-2019-0285","SUSE-SU-2019:14173-1","SUSE-SU-2019:14246-1","SUSE-SU-2019:2436-1","SUSE-SU-2019:2515-1","SUSE-SU-2019:2545-1","SUSE-SU-2019:2620-1","openSUSE-SU-2019:2248-1","openSUSE-SU-2019:2249-1","openSUSE-SU-2019:2251-1","openSUSE-SU-2019:2260-1","openSUSE-SU-2024:10600-1","openSUSE-SU-2024:10601-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00009.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00010.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00011.html"},{"type":"WEB","url":"https://usn.ubuntu.com/4150-1/"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00017.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201911-07"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2019-27/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2019-30/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2019-25/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2019-26/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2019-29/"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1562033"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"60.9"}]},{"events":[{"introduced":"0"},{"fixed":"69.0"}]},{"events":[{"introduced":"68.0"},{"fixed":"68.1"}]},{"events":[{"introduced":"0"},{"fixed":"60.9"}]},{"events":[{"introduced":"68.0"},{"fixed":"68.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-11744.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}