{"id":"CVE-2020-6798","details":"If a template tag was used in a select tag, the parser could be confused and allow JavaScript parsing and execution when it should not be allowed. A site that relied on the browser behaving correctly could suffer a cross-site scripting vulnerability as a result. In general, this flaw cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but is potentially a risk in browser or browser-like contexts. This vulnerability affects Thunderbird \u003c 68.5, Firefox \u003c 73, and Firefox \u003c ESR68.5.","modified":"2026-04-16T04:32:53.503653189Z","published":"2020-03-02T05:15:13.400Z","related":["SUSE-SU-2020:0383-1","SUSE-SU-2020:0384-1","SUSE-SU-2020:0385-1","SUSE-SU-2020:14290-1","openSUSE-SU-2020:0230-1","openSUSE-SU-2020:0231-1","openSUSE-SU-2024:10600-1","openSUSE-SU-2024:10601-1","openSUSE-SU-2024:14572-1"],"references":[{"type":"WEB","url":"https://usn.ubuntu.com/4278-2/"},{"type":"WEB","url":"https://usn.ubuntu.com/4328-1/"},{"type":"WEB","url":"https://usn.ubuntu.com/4335-1/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-10"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2020-05/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2020-06/"},{"type":"ADVISORY","url":"https://www.mozilla.org/security/advisories/mfsa2020-07/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-02"},{"type":"REPORT","url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1602944"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"73.0"}]},{"events":[{"introduced":"0"},{"fixed":"68.5.0"}]},{"events":[{"introduced":"0"},{"fixed":"68.5.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-6798.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}