CVE-2020-15676 - log back

CVE-2020-15676 edited at 23 Sep 2020 15:14:37
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Cross-site scripting
Description
+ Firefox before 81.0 sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a content-editable element.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15676
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1646140
Notes
CVE-2020-15676 created at 23 Sep 2020 15:04:49