CVE-2020-12393

Published: 26/05/2020 Updated: 21/07/2021
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Vulnerable Product

mozilla firefox

mozilla firefox_esr

mozilla thunderbird

Vendor Advisories

Mozilla Foundation Security Advisory 2020-18: Security Vulnerabilities fixed in Thunderbird 68.8.0. Announced: May 5, 2020. Impact: critical. Products: Thunderbird. Fixed in: Thunderbird 68.8 ...
Mozilla Foundation Security Advisory 2020-17: Security Vulnerabilities fixed in Firefox ESR 68.8. Announced: May 5, 2020. Impact: critical. Products: Firefox ESR. Fixed in: Firefox ESR 68.8 ...
Mozilla Foundation Security Advisory 2020-16: Security Vulnerabilities fixed in Firefox 76. Announced: May 5, 2020. Impact: critical. Products: Firefox. Fixed in: Firefox 76 ...