Описание
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
The Mozilla Foundation Security Advisory describes this flaw as:
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | firefox | Out of support scope | ||
| Red Hat Enterprise Linux 5 | thunderbird | Out of support scope | ||
| Red Hat Enterprise Linux 6 | firefox | Fixed | RHSA-2020:3835 | 24.09.2020 |
| Red Hat Enterprise Linux 6 | thunderbird | Fixed | RHSA-2020:4158 | 01.10.2020 |
| Red Hat Enterprise Linux 7 | firefox | Fixed | RHSA-2020:4080 | 30.09.2020 |
| Red Hat Enterprise Linux 7 | thunderbird | Fixed | RHSA-2020:4163 | 01.10.2020 |
| Red Hat Enterprise Linux 8 | firefox | Fixed | RHSA-2020:3832 | 24.09.2020 |
| Red Hat Enterprise Linux 8 | thunderbird | Fixed | RHSA-2020:4155 | 01.10.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | firefox | Fixed | RHSA-2020:3834 | 24.09.2020 |
| Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions | thunderbird | Fixed | RHSA-2020:4156 | 01.10.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.1 Medium
CVSS3
Связанные уязвимости
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
Firefox sometimes ran the onload handler for SVG elements that the DOM ...
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
EPSS
6.1 Medium
CVSS3