CVE-2022-34473 Information

Description

The HTML Sanitizer should have sanitized the href attribute of SVG <use> tags; however it incorrectly did not sanitize xlink:href attributes. This vulnerability affects Firefox < 102.

Reference

https://bugzilla.mozilla.org/show_bug.cgi?id=1770888 https://www.mozilla.org/security/advisories/mfsa2022-24/