CVE-2020-15676
published 2020-10-01CVE-2020-15676: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting…
PriorityP426medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
1.59%
72.7th percentile
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | firefox | < firefox 81.0-1 (sid) | firefox 81.0-1 (sid) |
| debian | firefox-esr | < firefox 81.0-1 (sid) | firefox 81.0-1 (sid) |
| debian | thunderbird | < firefox 81.0-1 (sid) | firefox 81.0-1 (sid) |
| mozilla | firefox | < 81.0 | 81.0 |
| mozilla | firefox | — | — |
| mozilla | firefox | >= unspecified < 81 | 81 |
| mozilla | firefox_esr | < 78.3 | 78.3 |
| mozilla | firefox_esr | >= unspecified < 78.3 | 78.3 |
| mozilla | thunderbird | < 78.3 | 78.3 |
| mozilla | thunderbird | >= 0 < 1:78.3.1-1 | 1:78.3.1-1 |
| mozilla | thunderbird | >= 0 < 1:78.3.1-1 | 1:78.3.1-1 |
| mozilla | thunderbird | >= 0 < 1:78.3.1-1 | 1:78.3.1-1 |
| mozilla | thunderbird | >= 0 < 1:78.3.1-1 | 1:78.3.1-1 |
| mozilla | thunderbird | >= unspecified < 78.3 | 78.3 |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
osv6.1MEDIUM
vendor_debian6.1MEDIUM
vendor_redhat6.1MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Firefox vulnerabilities
vendor_ubuntu·2020-09-28
CVE-2020-15673 Firefox vulnerabilities
Title: Firefox vulnerabilities
Summary: Firefox could be made to crash or run programs as your login if it
opened a malicious website.
Multiple security issues were discovered in Firefox. If a user were
tricked in to opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, conduct cross-site
scripting (XSS) attacks, spoof the site displayed in the download dialog,
or execute arbitrary code.
Instructions: After a standard system update you need to restart Firefox to make
all the necessary changes.
Red Hat
Mozilla: XSS when pasting attacker-controlled data into a contenteditable element
vendor_redhat·2020-09-22·CVSS 6.1
CVE-2020-15676 [MEDIUM] CWE-79 Mozilla: XSS when pasting attacker-controlled data into a contenteditable element
Mozilla: XSS when pasting attacker-controlled data into a contenteditable element
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
The Mozilla Foundation Security Advisory describes this flaw as:
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element.
Package: firefox (Red Hat Enterprise Linux 5) - Out of support scope
Package: thunderbird (Red Hat Enterprise Linux 5) - Out of support scope
Debian
CVE-2020-15676: firefox - Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer...
vendor_debian·2020·CVSS 6.1
CVE-2020-15676 [MEDIUM] CVE-2020-15676: firefox - Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer...
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
Scope: local
sid: resolved (fixed in 81.0-1)
Mozilla
Mozilla Foundation Security Advisory 2020-42: CVE-2020-15676
vendor_mozilla·CVSS 6.1
CVE-2020-15676 [MEDIUM] Mozilla Foundation Security Advisory 2020-42: CVE-2020-15676
Mozilla Foundation Security Advisory 2020-42
CVE: CVE-2020-15676
Product: Firefox
Impact: high
Fixed in: Firefox 81
Mozilla
Mozilla Foundation Security Advisory 2020-44: CVE-2020-15676
vendor_mozilla·CVSS 6.1
CVE-2020-15676 [MEDIUM] Mozilla Foundation Security Advisory 2020-44: CVE-2020-15676
Mozilla Foundation Security Advisory 2020-44
CVE: CVE-2020-15676
Product: Thunderbird
Impact: high
Fixed in: Thunderbird 78.3
Mozilla
Mozilla Foundation Security Advisory 2020-43: CVE-2020-15676
vendor_mozilla·CVSS 6.1
CVE-2020-15676 [MEDIUM] Mozilla Foundation Security Advisory 2020-43: CVE-2020-15676
Mozilla Foundation Security Advisory 2020-43
CVE: CVE-2020-15676
Product: Firefox ESR
Impact: high
Fixed in: Firefox ESR 78.3
GHSA
GHSA-m5jf-7x3g-f295: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasti
ghsa_unreviewed·2022-05-24
CVE-2020-15676 [MEDIUM] CWE-79 GHSA-m5jf-7x3g-f295: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasti
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
OSV
CVE-2020-15676: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasti
osv·2020-10-01·CVSS 6.1
CVE-2020-15676 [MEDIUM] CVE-2020-15676: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasti
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1646140https://lists.debian.org/debian-lts-announce/2020/10/msg00020.htmlhttps://security.gentoo.org/glsa/202010-02https://www.debian.org/security/2020/dsa-4770https://www.mozilla.org/security/advisories/mfsa2020-42/https://www.mozilla.org/security/advisories/mfsa2020-43/https://www.mozilla.org/security/advisories/mfsa2020-44/http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00074.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00077.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=1646140https://lists.debian.org/debian-lts-announce/2020/10/msg00020.htmlhttps://security.gentoo.org/glsa/202010-02https://www.debian.org/security/2020/dsa-4770https://www.mozilla.org/security/advisories/mfsa2020-42/https://www.mozilla.org/security/advisories/mfsa2020-43/https://www.mozilla.org/security/advisories/mfsa2020-44/
2020-10-01
Published