Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15676
Acknowledgments: Name: the Mozilla project Upstream: Daniel Fröjdendahl
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:3834 https://access.redhat.com/errata/RHSA-2020:3834
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3833 https://access.redhat.com/errata/RHSA-2020:3833
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3832 https://access.redhat.com/errata/RHSA-2020:3832
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:3835 https://access.redhat.com/errata/RHSA-2020:3835
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-15676
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4080 https://access.redhat.com/errata/RHSA-2020:4080
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:4156 https://access.redhat.com/errata/RHSA-2020:4156
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:4157 https://access.redhat.com/errata/RHSA-2020:4157
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:4155 https://access.redhat.com/errata/RHSA-2020:4155
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:4158 https://access.redhat.com/errata/RHSA-2020:4158
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:4163 https://access.redhat.com/errata/RHSA-2020:4163