CVE-2020-26973 log

Source
Severity High
Remote Yes
Type Content spoofing
Description
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.
Group Package Affected Fixed Severity Status Ticket
AVG-1362 firefox 83.0-2 84.0-1 High Fixed
AVG-1315 thunderbird 78.5.0-1 78.6.0-1 High Fixed FS#68853
Date Advisory Group Package Severity Type
16 Dec 2020 ASA-202012-25 AVG-1362 firefox High multiple issues
16 Dec 2020 ASA-202012-23 AVG-1315 thunderbird High multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26973
https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26973
https://bugzilla.mozilla.org/show_bug.cgi?id=1680084