Vulnerabilities

CVE-2020-26956

by Fred · 08/12/2020

In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. Date published : 2020-12-08 https://www.mozilla.org/security/advisories/mfsa2020-50/

https://www.mozilla.org/security/advisories/mfsa2020-51/

Similar

Tags: Cybersecurity Alert