A security issue has been found in Firefox before 83.0 where, in some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS.
A security issue has been found in Firefox before 83.0 where, in some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS.
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26956