CVE-2020-26239

Name of the Vulnerable Software and Affected Versions Scratch Addons versions prior to 1.3.2

Description The issue is related to a DOM-based XSS vulnerability. When a victim visits a specific website, the More Links addon of the Scratch Addons extension incorrectly uses a regular expression, causing HTML-escaped values to be unescaped and leading to XSS.

Recommendations For versions prior to 1.3.2, update to version 1.3.2 to fix the bug, as the extension will be automatically updated by the browser. As a temporary workaround, consider disabling the More Links addon via the extension's options until the update is applied.