A security issue was found in Firefox before 84.0 where certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.
A security issue was found in Firefox before 84.0 where certain input to the CSS Sanitizer confused it, resulting in incorrect components being removed. This could have been used as a sanitizer bypass.
https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26973 https://bugzilla.mozilla.org/show_bug.cgi?id=1680084