CVE-2020-26973 - log back

CVE-2020-26973 edited at 15 Dec 2020 17:22:20
Description
- A security issue was found in Firefox before 84.0 where certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.
+ A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26973
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26973
https://bugzilla.mozilla.org/show_bug.cgi?id=1680084
CVE-2020-26973 edited at 15 Dec 2020 16:55:20
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Content spoofing
Description
+ A security issue was found in Firefox before 84.0 where certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.
References
+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26973
+ https://bugzilla.mozilla.org/show_bug.cgi?id=1680084
Notes
CVE-2020-26973 created at 15 Dec 2020 16:48:51