Security Advisory

CVE-2020-12391

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-05-26 17:02:35

Last updated 2024-08-04 11:56:51

Assigner mozilla

State PUBLISHED

Description

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context. This allowed the execution of scripts that should have been blocked, albeit with a unique opaque origin. This vulnerability affects Firefox < 76.

← Browse all CVEs View on cve.org ↗