CVE-2020-15676
CVSS v3.1
6.1 (Medium)
CVSS v2.0
4.3 (Medium)
EPSS
0.66 % (80th)
Affected Products
5
Advisories
30
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
Weaknesses
- CWE-79
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2020-10-01 19:15:13
(4 years ago) - Updated Date
-
2022-11-16 15:12:52
(22 months ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
|
Configuration #2
|
Configuration #3
|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...