CVE-2020-26951

Severity: High
Remote: Yes
Type: Access restriction bypass
Description
A mismatch between parsing and event loading was found in Firefox's SVG code before version 83.0 that could have allowed load events to fire even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this to bypass the built-in sanitizer.
Group     Package  Affected  Fixed   Severity  Status  Ticket
AVG-1279  firefox  82.0.3-1  83.0-1  Critical  Fixed
Date         Advisory       Group     Package  Severity  Type
17 Nov 2020  ASA-202011-12  AVG-1279  firefox  Critical  multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26951
https://bugzilla.mozilla.org/show_bug.cgi?id=1667113