XSS encoding hazard with inline SVG

2011-06-21T00:00:00
ID MFSA2011-27
Type mozilla
Reporter Mozilla Foundation
Modified 2011-06-21T00:00:00

Description

Security researcher Mario Heiderich reported that HTML-encoded entities were being improperly decoded when displayed inside SVG elements. This could lead to XSS attacks on sites relying on HTML encoding of user-supplied content. The inline SVG feature was introduced in the browser engine used by Firefox 4 and SeaMonkey 2.1; the vulnerability does not affect earlier versions.