Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-12393

Опубликовано: 05 мая 2020
Источник: redhat
CVSS3: 7.8

Описание

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. Note: this issue only affects Firefox on Windows operating systems.. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Отчет

This issue only affects Firefox on Windows operating systems. Firefox on Linux is not affected.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5firefoxOut of support scope
Red Hat Enterprise Linux 5thunderbirdOut of support scope
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 6thunderbirdNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 7thunderbirdNot affected
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 8thunderbirdNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-552
https://bugzilla.redhat.com/show_bug.cgi?id=1831946Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection

7.8 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-12393

CVSS3: 7.8
ubuntu
больше 5 лет назад

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

nvd логотип

CVE-2020-12393

CVSS3: 7.8
nvd
больше 5 лет назад

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

debian логотип

CVE-2020-12393

CVSS3: 7.8
debian
больше 5 лет назад

The 'Copy as cURL' feature of Devtools' network tab did not properly e ...

github логотип

GHSA-x932-mvm6-79m8

github
больше 3 лет назад

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

suse-cvrf логотип

openSUSE-SU-2020:0643-1

suse-cvrf
больше 5 лет назад

Security update for MozillaThunderbird

7.8 High

CVSS3