---

CVE-2020-15676 - log back

CVE-2020-15676 edited at 23 Sep 2020 15:14:37
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Cross-site scripting
Description	+ Firefox before 81.0 sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a content-editable element.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15676 + https://bugzilla.mozilla.org/show_bug.cgi?id=1646140
Notes

CVE-2020-15676 created at 23 Sep 2020 15:04:49