Vulnerabilities > CVE-2020-26973 - Unspecified vulnerability in Mozilla Firefox ESR
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
Vulnerable Configurations
References
- https://bugzilla.mozilla.org/show_bug.cgi?id=1680084
- https://bugzilla.mozilla.org/show_bug.cgi?id=1680084
- https://www.mozilla.org/security/advisories/mfsa2020-54/
- https://www.mozilla.org/security/advisories/mfsa2020-54/
- https://www.mozilla.org/security/advisories/mfsa2020-55/
- https://www.mozilla.org/security/advisories/mfsa2020-55/
- https://www.mozilla.org/security/advisories/mfsa2020-56/
- https://www.mozilla.org/security/advisories/mfsa2020-56/