Vulnerabilities > CVE-2021-23974 - Unspecified vulnerability in Mozilla Firefox
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86.
Vulnerable Configurations
References
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1528997%2C1683627
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1528997%2C1683627
- https://security.gentoo.org/glsa/202104-10
- https://security.gentoo.org/glsa/202104-10
- https://www.mozilla.org/security/advisories/mfsa2021-07/
- https://www.mozilla.org/security/advisories/mfsa2021-07/