Unrated severityNVD Advisory· Published Dec 9, 2020· Updated Aug 4, 2024
CVE-2020-26951
CVE-2020-26951
Description
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
36<78.5+ 3 more
- (no CPE)range: <78.5
- (no CPE)range: <83
- (no CPE)range: < 83
- (no CPE)range: < 78.5
<78.5+ 1 more
- (no CPE)range: <78.5
- (no CPE)range: < 78.5
- osv-coords30 versionspkg:rpm/opensuse/firefox-esr&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/MozillaFirefox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/MozillaThunderbird&distro=openSUSE%20Tumbleweedpkg:rpm/suse/MozillaFirefox&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP1pkg:rpm/suse/MozillaThunderbird&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2
< 128.5.1-1.1+ 29 more
- (no CPE)range: < 128.5.1-1.1
- (no CPE)range: < 78.5.0-lp151.2.79.1
- (no CPE)range: < 78.5.0-lp152.2.30.1
- (no CPE)range: < 92.0-1.2
- (no CPE)range: < 78.5.0-lp151.2.59.1
- (no CPE)range: < 78.5.0-lp152.2.19.1
- (no CPE)range: < 91.1.1-1.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-3.119.1
- (no CPE)range: < 78.5.0-8.17.1
- (no CPE)range: < 78.5.0-78.105.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-112.36.1
- (no CPE)range: < 78.5.0-3.107.1
- (no CPE)range: < 78.5.0-3.107.1
Patches
Vulnerability mechanics
References
4- bugzilla.mozilla.org/show_bug.cgimitrex_refsource_MISC
- www.mozilla.org/security/advisories/mfsa2020-50/mitrex_refsource_CONFIRM
- www.mozilla.org/security/advisories/mfsa2020-51/mitrex_refsource_CONFIRM
- www.mozilla.org/security/advisories/mfsa2020-52/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.