PT-2020-4962 · Mozilla+6 · Firefox+8

Irvan Kurniawan +1 · Published 2020-11-17 · Updated 2024-12-12 · CVE-2020-26951

CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Firefox versions prior to 83
Firefox ESR versions prior to 78.5
Thunderbird versions prior to 78.5

Description

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. This issue could be exploited by an attacker already capable of exploiting an XSS vulnerability in privileged internal pages to bypass the built-in sanitizer. The vulnerability is related to a lack of integrity checking, which could allow a remote attacker to conduct cross-site scripting (XSS) attacks.

Recommendations

For Firefox versions prior to 83, update to version 83 or later to resolve the issue.
For Firefox ESR versions prior to 78.5, update to version 78.5 or later to resolve the issue.
For Thunderbird versions prior to 78.5, update to version 78.5 or later to resolve the issue.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3340
ALT-PU-2020-3379
ALT-PU-2020-3384
ALT-PU-2020-3386
ALT-PU-2020-3424
ALT-PU-2021-1368
ALT-PU-2021-1369
ALT-PU-2021-2725
ALT-PU-2021-2881
ALT-PU-2021-3368
ALT-PU-2021-3369
ALT-PU-2022-1781
ALT-PU-2022-1782
BDU:2020-05537
CESA-2020_5235
CESA-2020_5236
CESA-2020_5237
CESA-2020_5239
CVE-2020-26951
DLA-2457-1
DLA-2464-1
DSA-4793-1
DSA-4796-1
MGASA-2020-0427
MGASA-2020-0433
OESA-2023-1672
OESA-2023-1673
OESA-2023-1674
OPENSUSE-SU-2020:2020-1
OPENSUSE-SU-2020:2031-1
OPENSUSE-SU-2020:2096-1
OPENSUSE-SU-2020:2187-1
OPENSUSE-SU-2020:2315-1
OPENSUSE-SU-2020_2020-1
OPENSUSE-SU-2020_2031-1
OPENSUSE-SU-2020_2096-1
OPENSUSE-SU-2020_2187-1
OPENSUSE-SU-2020_2315-1
OPENSUSE-SU-2024:10600-1
OPENSUSE-SU-2024:10601-1
OPENSUSE-SU-2024:14572-1
RHSA-2020:5231
RHSA-2020:5232
RHSA-2020:5233
RHSA-2020:5234
RHSA-2020:5235
RHSA-2020:5236
RHSA-2020:5237
RHSA-2020:5238
RHSA-2020:5239
RHSA-2020:5240
RHSA-2020:5257
RHSA-2020:5314
RHSA-2020_5235
RHSA-2020_5236
RHSA-2020_5237
RHSA-2020_5238
RHSA-2020_5239
RHSA-2020_5257
SUSE-SU-2020:14548-1
SUSE-SU-2020:3383-1
SUSE-SU-2020:3458-1
SUSE-SU-2020:3528-1
SUSE-SU-2020:3548-1
SUSE-SU-2020_14548-1
USN-4637-1
USN-4637-2
USN-4647-1

Affected Products

Alt Linux
CentOS
Firefox
Firefox ESR
Linux Mint
Red Hat
SUSE
Thunderbird
Ubuntu