PT-2020-16571 · Mozilla+6 · Firefox+8

Irvan Kurniawan

+1

·

Published

2020-11-17

·

Updated

2024-12-12

·

CVE-2020-26956

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 83 Firefox ESR versions prior to 78.5 Thunderbird versions prior to 78.5
Description The issue arises when removing HTML elements during sanitization, which can lead to existing SVG event handlers being retained, resulting in cross-site scripting (XSS).
Recommendations For Firefox versions prior to 83, update to version 83 or later. For Firefox ESR versions prior to 78.5, update to version 78.5 or later. For Thunderbird versions prior to 78.5, update to version 78.5 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALT-PU-2020-3340
ALT-PU-2020-3379
ALT-PU-2020-3384
ALT-PU-2020-3386
ALT-PU-2020-3424
ALT-PU-2021-1368
ALT-PU-2021-1369
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
CESA-2020_5235
CESA-2020_5236
CESA-2020_5237
CESA-2020_5239
CVE-2020-26956
DLA-2457-1
DLA-2464-1
DSA-4793-1
DSA-4796-1
MGASA-2020-0427
MGASA-2020-0433
OESA-2023-1672
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2020:2020-1
OPENSUSE-SU-2020:2031-1
OPENSUSE-SU-2020:2096-1
OPENSUSE-SU-2020:2187-1
OPENSUSE-SU-2020:2315-1
OPENSUSE-SU-2020_2020-1
OPENSUSE-SU-2020_2031-1
OPENSUSE-SU-2020_2096-1
OPENSUSE-SU-2020_2187-1
OPENSUSE-SU-2020_2315-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:5231
RHSA-2020:5232
RHSA-2020:5233
RHSA-2020:5234
RHSA-2020:5235
RHSA-2020:5236
RHSA-2020:5237
RHSA-2020:5238
RHSA-2020:5239
RHSA-2020:5240
RHSA-2020:5257
RHSA-2020:5314
RHSA-2020_5235
RHSA-2020_5236
RHSA-2020_5237
RHSA-2020_5238
RHSA-2020_5239
RHSA-2020_5257
SUSE-SU-2020:14548-1
SUSE-SU-2020:3383-1
SUSE-SU-2020:3458-1
SUSE-SU-2020:3528-1
SUSE-SU-2020:3548-1
SUSE-SU-2020_14548-1
USN-4637-1
USN-4637-2
USN-4647-1

Affected Products

Alt Linux
Centos
Firefox
Firefox Esr
Linuxmint
Red Hat
Suse
Thunderbird
Ubuntu