Описание
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 76.0+build2-0ubuntu0.18.04.1 |
| devel | released | 76.0+build2-0ubuntu1 |
| eoan | released | 76.0+build2-0ubuntu0.19.10.1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 76.0+build2-0ubuntu0.20.04.1 |
| groovy | released | 76.0+build2-0ubuntu1 |
| hirsute | released | 76.0+build2-0ubuntu1 |
| impish | released | 76.0+build2-0ubuntu1 |
| jammy | released | 76.0+build2-0ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| eoan | DNE | |
| esm-apps/bionic | ignored | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| eoan | ignored | end of life |
| esm-apps/focal | ignored | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | ignored | |
| focal | ignored | |
| groovy | ignored | end of life |
| hirsute | DNE | |
| impish | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | ignored | |
| focal | ignored | |
| groovy | ignored | end of life |
| hirsute | DNE | |
| impish | DNE | |
| jammy | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:68.8.0+build2-0ubuntu0.18.04.2 |
| devel | released | 1:68.8.0+build2-0ubuntu1 |
| eoan | released | 1:68.8.0+build2-0ubuntu0.19.10.2 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | released | 1:68.8.0+build2-0ubuntu0.20.04.2 |
| groovy | released | 1:68.8.0+build2-0ubuntu1 |
| hirsute | released | 1:68.8.0+build2-0ubuntu1 |
| impish | released | 1:68.8.0+build2-0ubuntu1 |
| jammy | released | 1:68.8.0+build2-0ubuntu1 |
Показывать по
Ссылки на источники
EPSS
2.1 Low
CVSS2
5.5 Medium
CVSS3
Связанные уязвимости
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
The 'Copy as cURL' feature of Devtools' network tab did not properly e ...
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
Уязвимость опции «Копировать как cURL» веб-браузеров Firefox ESR, Firefox, почтового клиента Thunderbird, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
2.1 Low
CVSS2
5.5 Medium
CVSS3