CVE-2020-12391 log

Severity Medium
Remote Yes
Type Arbitrary code execution
Documents formed using data: URLs in an object element failed to inherit the CSP of the creating context in Firefox before 76.0. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin.
Group Package Affected Fixed Severity Status Ticket
AVG-1148 firefox 75.0-1 76.0-1 Critical Fixed
Date Advisory Group Package Severity Type
06 May 2020 ASA-202005-3 AVG-1148 firefox Critical multiple issues