vulnerability

Arch Linux: Arbitrary code execution (CVE-2020-12391)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	May 26, 2020	Jul 11, 2025	Nov 27, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

May 26, 2020

Added

Jul 11, 2025

Modified

Nov 27, 2025

Description

Documents formed using data: URLs in an object element failed to inherit the CSP of the creating context in Firefox before 76.0. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin.

Solution

arch-linux-upgrade-latest

References

CVE-2020-12391
https://attackerkb.com/topics/CVE-2020-12391
URL-https://bugzilla.mozilla.org/show_bug.cgi?id=1457100
URL-https://security.archlinux.org/ASA-202005-3
URL-https://www.mozilla.org/security/advisories/mfsa2020-16/
CWE-863

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today