Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-15676

Опубликовано: 01 окт. 2020
Источник: debian
EPSS Низкий

Описание

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed81.0-1package
firefox-esrfixed78.3.0esr-1package
thunderbirdfixed1:78.3.1-1package

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15676

  • https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15676

  • https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15676

EPSS

Процентиль: 79%
0.01265
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-15676

CVSS3: 6.1
ubuntu
почти 5 лет назад

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

redhat логотип

CVE-2020-15676

CVSS3: 6.1
redhat
почти 5 лет назад

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

nvd логотип

CVE-2020-15676

CVSS3: 6.1
nvd
почти 5 лет назад

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

github логотип

GHSA-m5jf-7x3g-f295

CVSS3: 6.1
github
больше 3 лет назад

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.

suse-cvrf логотип

openSUSE-SU-2020:1574-1

suse-cvrf
почти 5 лет назад

Security update for MozillaFirefox

EPSS

Процентиль: 79%
0.01265
Низкий