CVE-2020-26973

Summary

Certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefoxunspecified < 84affected
MozillaThunderbirdunspecified < 78.6affected
MozillaFirefox ESRunspecified < 78.6affected

Weaknesses

  • CSS Sanitizer performed incorrect sanitization

ADP Enrichment

CVE Program Container

Additional References

References