0.001 Low
EPSS
Percentile
41.6%
firefox is vulnerable to cross-site scripting (XSS). An attacker can remove HTML elements during sanitization would keep existing SVG event handlers and subsequently execute arbitrary Javascript on a user’s browser.
bugzilla.mozilla.org/show_bug.cgi?id=1666300
bugzilla.redhat.com/show_bug.cgi?id=1898734
www.mozilla.org/security/advisories/mfsa2020-50/
www.mozilla.org/security/advisories/mfsa2020-51/
www.mozilla.org/security/advisories/mfsa2020-52/