CVE-2020-26951

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-26951

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-26951.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-26951

Downstream

DEBIAN-CVE-2020-26951

DLA-2457-1

DLA-2464-1

DSA-4793-1

DSA-4796-1

OESA-2023-1672

OESA-2023-1673

OESA-2023-1674

RHSA-2020:5231

RHSA-2020:5232

RHSA-2020:5233

RHSA-2020:5234

RHSA-2020:5235

RHSA-2020:5236

RHSA-2020:5237

RHSA-2020:5238

RHSA-2020:5239

RHSA-2020:5240

RHSA-2020:5257

RHSA-2020:5314

SUSE-SU-2020:14548-1

SUSE-SU-2020:3383-1

SUSE-SU-2020:3458-1

SUSE-SU-2020:3528-1

SUSE-SU-2020:3548-1

UBUNTU-CVE-2020-26951

USN-4637-1

USN-4637-2

openSUSE-SU-2020:2020-1

openSUSE-SU-2020:2031-1

openSUSE-SU-2020:2096-1

openSUSE-SU-2020:2187-1

openSUSE-SU-2020:2315-1

openSUSE-SU-2024:10600-1

openSUSE-SU-2024:10601-1

openSUSE-SU-2024:14572-1

Related

Published

2020-12-09T01:15:12Z

Modified

2025-08-09T19:01:27Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

References

Affected packages