CVE-2020-26951 log

Severity High
Remote Yes
Type Access restriction bypass
A parsing and event loading mismatch has been found in Firefox's SVG code before 83.0 and could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass the built-in sanitizer.
Group Package Affected Fixed Severity Status Ticket
AVG-1279 firefox 82.0.3-1 83.0-1 Critical Fixed
Date Advisory Group Package Severity Type
17 Nov 2020 ASA-202011-12 AVG-1279 firefox Critical multiple issues