[Forgot Password]
Login  Register Subscribe

26408

 
 

132812

 
 

151852

 
 

909

 
 

121381

 
 

163

Paid content will be excluded from the download.


Download | Alert*
OVAL

XSS when pasting attacker-controlled data into a contenteditable element - CVE-2020-15676

ID: oval:org.secpod.oval:def:65685Date: (C)2020-09-23   (M)2020-10-19
Class: VULNERABILITYFamily: windows




Mozilla Firefox 81, Mozilla Firefox ESR 78.3, Mozilla Thunderbird 78.3 : Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element.

Platform:
Microsoft Windows Server 2008
Microsoft Windows 7
Microsoft Windows 8.1
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2012 R2
Microsoft Windows 10
Product:
Mozilla Firefox
Mozilla Firefox ESR
Mozilla Thunderbird
Reference:
CVE-2020-15676
CVE    1
CVE-2020-15676

© SecPod Technologies