PT-2020-19229 · Mozilla+5 · Firefox+7
Terjanq
·
Published
2020-02-11
·
Updated
2024-12-12
·
CVE-2020-6798
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Thunderbird versions prior to 68.5
Firefox versions prior to 73
Firefox ESR versions prior to 68.5
Description
The issue arises when a template tag is used in a select tag, causing the parser to be confused and potentially allowing JavaScript parsing and execution where it should not be allowed. This could lead to a cross-site scripting issue for sites relying on correct browser behavior. The risk is more significant in browser or browser-like contexts, rather than in email clients like Thunderbird, where scripting is disabled during mail reading.
Recommendations
For Thunderbird versions prior to 68.5, update to version 68.5 or later.
For Firefox versions prior to 73, update to version 73 or later.
For Firefox ESR versions prior to 68.5, update to version 68.5 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Centos
Firefox
Firefox Esr
Red Hat
Suse
Thunderbird
Ubuntu