vulnerability
Arch Linux: Content spoofing (CVE-2020-26973)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Jan 7, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Jan 7, 2021
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
A security issue was found in Firefox before 84.0 and Thunderbird before 78.6 where certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.
Solution
arch-linux-upgrade-latest
References
- CVE-2020-26973
- https://attackerkb.com/topics/CVE-2020-26973
- URL-https://bugzilla.mozilla.org/show_bug.cgi?id=1680084
- URL-https://security.archlinux.org/ASA-202012-23
- URL-https://security.archlinux.org/ASA-202012-25
- URL-https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/
- URL-https://www.mozilla.org/security/advisories/mfsa2020-54/
- URL-https://www.mozilla.org/security/advisories/mfsa2020-55/
- URL-https://www.mozilla.org/security/advisories/mfsa2020-56/
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.