[DOMPurify Security] New Release Version 2.0.4 (Security Issue)
Security Announcements for DOMPurify and related tools
dompurify-security at lists.ruhr-uni-bochum.de
Mon Oct 7 15:40:18 CEST 2019
A new version of DOMPurify was released today: DOMPurify 2.0.4
Following the release of DOMPurify 2.0.3, another mXSS variation,
spotted by Masato Kinugawa, was addressed and fixed. This time, the
attack made use of MathML embedded inside inline SVG.
DOMPurify is now more aware of this and comparable browser issues
and changes the sanitization behavior to be more secure. The fix has
been reviewed by the original finder as well.
Updated packages are available here:
Fon +49 1520 8675 782
cure53.de || keybase.io/cure53 || @cure53berlin