---

CVE-2020-12391 - log back

CVE-2020-12391 edited at 06 May 2020 09:35:50
Description	- Documents formed using data: URLs in an object element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. + Documents formed using data: URLs in an object element failed to inherit the CSP of the creating context in Firefox before 76.0. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12391 https://bugzilla.mozilla.org/show_bug.cgi?id=1457100

CVE-2020-12391 edited at 05 May 2020 17:22:53
Type	- Unknown + Arbitrary code execution

CVE-2020-12391 edited at 05 May 2020 17:22:41
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Description	+ Documents formed using data: URLs in an object element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin.
References	+ https://bugzilla.mozilla.org/show_bug.cgi?id=1457100
Notes

CVE-2020-12391 created at 05 May 2020 17:16:55