Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Mozilla产品跨站脚本漏洞
Vulnerability Description
Mozilla Firefox等都是美国Mozilla基金会的产品。Mozilla Firefox是一款开源Web浏览器。Mozilla Firefox ESR是Firefox(Web浏览器)的一个延长支持版本。Mozilla Thunderbird是一套从Mozilla Application Suite独立出来的电子邮件客户端软件。 多款Mozilla产品存在跨站脚本漏洞,该漏洞源于在清理期间删除HTML元素会保留现有的SVG事件处理程序,从而导致XSS。以下产品及版本受到影响:Firefox 83之
CVSS Information
N/A
Vulnerability Type
N/A