Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-6797

Опубликовано: 02 мар. 2020
Источник: nvd
CVSS3: 4.3
CVSS2: 4.3
EPSS Низкий

Описание

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Версия до 73.0 (исключая)
cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*
Версия до 68.5.0 (исключая)
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Версия до 68.5.0 (исключая)
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

EPSS

Процентиль: 77%
0.0102
Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2020-6797

CVSS3: 4.3
ubuntu
почти 6 лет назад

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

redhat логотип

CVE-2020-6797

CVSS3: 4.3
redhat
почти 6 лет назад

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

debian логотип

CVE-2020-6797

CVSS3: 4.3
debian
почти 6 лет назад

By downloading a file with the .fileloc extension, a semi-privileged e ...

github логотип

GHSA-x22j-8886-rjmh

github
больше 3 лет назад

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

suse-cvrf логотип

openSUSE-SU-2020:0230-1

suse-cvrf
почти 6 лет назад

Security update for MozillaFirefox

EPSS

Процентиль: 77%
0.0102
Низкий

4.3 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20