#cross-site-scripting-xss

#cross-site-scripting-xss

CVE-2026-42897 is a spoofing and XSS Exchange zero-day exploited via crafted emails, requiring immediate mitigations until a permanent patch is available.

Firefox 148 introduces the standardized Sanitizer API, enabling developers to safely remove malicious HTML and JavaScript from user-generated content before inserting it into the DOM.