Launchpad.net

CVE 2019-11720

Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68.

See the CVE page on Mitre.org for more details.