N/A

A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

N/A

N/A

Mozilla Firefox 跨站脚本漏洞

Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 FireFox 存在跨站脚本漏洞，该漏洞源于SVG代码中的解析和事件加载不匹配可能导致加载事件被触发，即使在清除之后也是如此。 已经能够利用特权内部页面中的XSS漏洞的攻击者可能已经使用此攻击来绕过我们的内置消毒器。

N/A

N/A