← voltar
CVE-2020-26951

CVE-2020-26951

EPSS 1.0%
Vexday Risk Score
3Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
09 dez 2020Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
Produtos afetados
Mozilla · FirefoxMozilla · Firefox ESRMozilla · Thunderbird

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://bugzilla.mozilla.org/show_bug.cgi?id=1667113https://www.mozilla.org/security/advisories/mfsa2020-50/https://www.mozilla.org/security/advisories/mfsa2020-51/https://www.mozilla.org/security/advisories/mfsa2020-52/