A security issue was found in Firefox before version 86.0. The DOMParser API did not properly process <noscript> elements for escaping. This could be used as a mutation cross-site scripting (mXSS) vector to bypass an HTML Sanitizer.
A security issue was found in Firefox before version 86.0. The DOMParser API did not properly process <noscript> elements for escaping. This could be used as a mutation cross-site scripting (mXSS) vector to bypass an HTML Sanitizer.
https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/#CVE-2021-23974 https://bugzilla.mozilla.org/buglist.cgi?bug_id=1528997%2C1683627