vulnerability

Oracle Linux: CVE-2020-26958: ELSA-2020-5235: thunderbird security update (IMPORTANT) (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Nov 17, 2020	Dec 1, 2020	Dec 3, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Nov 17, 2020

Added

Dec 1, 2020

Modified

Dec 3, 2025

Description

Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.

Solutions

oracle-linux-upgrade-firefoxoracle-linux-upgrade-thunderbird

References

CVE-2020-26958
https://attackerkb.com/topics/CVE-2020-26958
ELSA-ELSA-2020-5235
ELSA-ELSA-2020-5236
ELSA-ELSA-2020-5237
ELSA-ELSA-2020-5238
ELSA-ELSA-2020-5239
ELSA-ELSA-2020-5257
CWE-79

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report