{"containers": {"cna": {"affected": [{"product": "Firefox", "vendor": "Mozilla", "versions": [{"status": "affected", "version": "< 83"}]}, {"product": "Firefox ESR", "vendor": "Mozilla", "versions": [{"status": "affected", "version": "< 78.5"}]}, {"product": "Thunderbird", "vendor": "Mozilla", "versions": [{"status": "affected", "version": "< 78.5"}]}], "descriptions": [{"lang": "en", "value": "A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5."}], "problemTypes": [{"descriptions": [{"description": "Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-09T00:19:43", "orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "shortName": "mozilla"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667113"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-50/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-52/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-51/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@mozilla.org", "ID": "CVE-2020-26951", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Firefox", "version": {"version_data": [{"version_value": "< 83"}]}}, {"product_name": "Firefox ESR", "version": {"version_data": [{"version_value": "< 78.5"}]}}, {"product_name": "Thunderbird", "version": {"version_data": [{"version_value": "< 78.5"}]}}]}, "vendor_name": "Mozilla"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667113", "refsource": "MISC", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667113"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-50/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2020-50/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-52/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2020-52/"}, {"name": "https://www.mozilla.org/security/advisories/mfsa2020-51/", "refsource": "CONFIRM", "url": "https://www.mozilla.org/security/advisories/mfsa2020-51/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:03:22.995Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667113"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-50/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-52/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-51/"}]}]}, "cveMetadata": {"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe", "assignerShortName": "mozilla", "cveId": "CVE-2020-26951", "datePublished": "2020-12-09T00:19:43", "dateReserved": "2020-10-12T00:00:00", "dateUpdated": "2024-08-04T16:03:22.995Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "matchCriteriaId": "9385C808-43DD-4D02-B1A9-89A2E3986DF2", "versionEndExcluding": "83.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*", "matchCriteriaId": "36160ED9-05B8-4E38-8C67-49EE1738AF8B", "versionEndExcluding": "78.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*", "matchCriteriaId": "C169EC17-3490-437D-A36B-40C3DE316175", "versionEndExcluding": "78.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5."}, {"lang": "es", "value": "Un desajuste en el an\u00e1lisis y la carga de eventos en el c\u00f3digo SVG de Firefox podr\u00eda haber permitido a unos eventos de carga dispararse, incluso despu\u00e9s del saneamiento. Un atacante ya capaz de explotar una vulnerabilidad de tipo XSS en p\u00e1ginas internas privilegiadas podr\u00eda haber usado este ataque para omitir nuestro sanitizador incorporado. Esta vulnerabilidad afecta a Firefox versiones anteriores a 83, Firefox ESR versiones anteriores a 78.5, y Thunderbird versiones anteriores a 78.5"}], "id": "CVE-2020-26951", "lastModified": "2020-12-09T19:49:24.543", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-09T01:15:12.643", "references": [{"source": "security@mozilla.org", "tags": ["Issue Tracking", "Permissions Required", "Vendor Advisory"], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1667113"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-50/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-51/"}, {"source": "security@mozilla.org", "tags": ["Vendor Advisory"], "url": "https://www.mozilla.org/security/advisories/mfsa2020-52/"}], "sourceIdentifier": "security@mozilla.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Irvan Kurniawan (@sourc7) as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:5238", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "thunderbird-0:78.5.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5257", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "firefox-0:78.5.0-1.el6_10", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5235", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "thunderbird-0:78.5.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5239", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "firefox-0:78.5.0-1.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5236", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "thunderbird-0:78.5.0-1.el8_3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5237", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "firefox-0:78.5.0-1.el8_3", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5240", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "thunderbird-0:78.5.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5314", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "firefox-0:78.5.0-1.el8_0", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-12-01T00:00:00Z"}, {"advisory": "RHSA-2020:5231", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "thunderbird-0:78.5.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5233", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "firefox-0:78.5.0-1.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5232", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "thunderbird-0:78.5.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5234", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "firefox-0:78.5.0-1.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2020-11-30T00:00:00Z"}], "bugzilla": {"description": "Mozilla: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code", "id": "1898731", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1898731"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "status": "verified"}, "cwe": "CWE-354", "details": ["A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5."], "name": "CVE-2020-26951", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "firefox", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2020-11-17T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-26951\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-26951\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951"], "threat_severity": "Important", "upstream_fix": "thunderbird 78.5, firefox 78.5"}