6.8
CVSSv2

CVE-2020-6811

Published: 25/03/2020 Updated: 30/03/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Mozilla Firefox could allow a remote malicious user to execute arbitrary commands on the system, caused by the failure to properly escape the HTTP method of a request by the 'Copy as cURL' feature of Devtools' network tab. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability using unknown attack vectors to execute arbitrary commands on the vulnerable system or cause a denial of service.

Vulnerability Trend

Affected Products

Vendor Product Versions
MozillaFirefox-, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.6.1, 0.7, 0.7.1, 0.8, 0.9, 0.9.1, 0.9.2, 0.9.3, 0.10, 0.10.1, 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.4.1, 1.5, 1.5.0.1, 1.5.0.2, 1.5.0.3, 1.5.0.4, 1.5.0.5, 1.5.0.6, 1.5.0.7, 1.5.0.8, 1.5.0.9, 1.5.0.10, 1.5.0.11, 1.5.0.12, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.5.5, 1.5.6, 1.5.7, 1.5.8, 1.8, 2.0, 2.0.0.1, 2.0.0.2, 2.0.0.3, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.7, 2.0.0.8, 2.0.0.9, 2.0.0.10, 2.0.0.11, 2.0.0.12, 2.0.0.13, 2.0.0.14, 2.0.0.15, 2.0.0.16, 2.0.0.17, 2.0.0.18, 2.0.0.19, 2.0.0.20, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 3.0.15, 3.0.16, 3.0.17, 3.0.18, 3.0.19, 3.5, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.5.9, 3.5.10, 3.5.11, 3.5.12, 3.5.13, 3.5.14, 3.5.15, 3.5.16, 3.5.17, 3.5.18, 3.5.19, 3.6, 3.6.2, 3.6.3, 3.6.4, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11, 3.6.12, 3.6.13, 3.6.14, 3.6.15, 3.6.16, 3.6.17, 3.6.18, 3.6.19, 3.6.20, 3.6.21, 3.6.22, 3.6.23, 3.6.24, 3.6.25, 3.6.26, 3.6.27, 3.6.28, 4.0, 4.0.1, 5.0, 5.0.1, 6.0, 6.0.1, 6.0.2, 7.0, 7.0.1, 8.0, 8.0.1, 9.0, 9.0.1, 10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 11.0, 12.0, 13.0, 13.0.1, 14.0, 14.0.1, 15.0, 15.0.1, 16.0, 16.0.1, 16.0.2, 17.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 18.0, 18.0.1, 18.0.2, 19.0, 19.0.1, 19.0.2, 20.0, 20.0.1, 21.0, 22.0, 23.0, 23.0.1, 24.0, 24.1, 24.1.0, 24.1.1, 24.2.0, 24.3.0, 24.4.0, 24.5.0, 24.6.0, 24.7.0, 24.8.0, 24.8.1, 25.0, 25.0.1, 26.0, 27.0, 27.0.1, 28.0, 29.0, 29.0.1, 30.0, 31.0, 31.1.0, 31.1.1, 31.2.0, 31.3.0, 31.4.0, 31.5.0, 31.5.2, 31.5.3, 31.6.0, 31.7.0, 31.8.0, 32.0, 32.0.1, 32.0.2, 32.0.3, 33.0, 33.0.1, 33.0.2, 33.0.3, 33.1, 33.1.1, 34.0, 34.0.5, 35.0, 35.0.1, 36.0, 36.0.1, 36.0.3, 36.0.4, 37.0, 37.0.1, 37.0.2, 38.0, 38.0.1, 38.0.5, 38.1.0, 38.1.1, 38.2.0, 38.2.1, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.5.2, 38.6.0, 38.6.1, 38.7.0, 38.7.1, 38.8.0, 39.0, 39.0.3, 40.0, 40.0.2, 40.0.3, 41.0, 41.0.1, 41.0.2, 42.0, 43.0, 43.0.1, 43.0.2, 43.0.3, 43.0.4, 44.0, 44.0.1, 44.0.2, 45.0, 45.0.1, 45.0.2, 45.1.1, 45.2.0, 45.3.0, 45.4.0, 45.5.0, 45.5.1, 45.6.0, 45.7.0, 45.8.0, 45.9.0, 46.0, 46.0.1, 47.0, 47.0.1, 47.0.2, 48.0, 48.0.1, 48.0.2, 49.0, 49.0.1, 49.0.2, 50, 50.0, 50.0.1, 50.0.2, 50.1.0, 51.0, 51.0.1, 51.0.3, 52.0, 52.0.1, 52.0.2, 52.1.0, 52.1.1, 52.1.2, 52.2.0, 52.2.1, 52.3.0, 52.4.0, 52.4.1, 52.5.0, 52.5.2, 52.5.3, 52.6.0, 52.7.0, 52.7.1, 52.7.2, 52.7.3, 52.7.4, 52.8.0, 52.8.1, 52.9.0, 53.0, 53.0.2, 53.0.3, 54.0, 54.0.1, 55.0, 55.0.1, 55.0.2, 55.0.3, 56.0, 56.0.1, 56.0.2, 57.0, 57.0.1, 57.0.2, 57.0.3, 57.0.4, 58, 58.0, 58.0.1, 58.0.2, 59, 59.0, 59.0.1, 59.0.2, 59.0.3, 60, 60.0, 60.0.1, 60.0.2, 60.1.0, 60.2.0, 60.2.1, 60.2.2, 60.3.0, 60.4.0, 60.5.0, 60.6.1, 60.7.3, 61.0, 61.0.1, 61.0.2, 62.0, 62.0.2, 62.0.3, 63.0, 63.0.1, 63.0.3, 64.0, 64.0.2, 65.0, 65.0.1, 65.0.2, 66.0, 66.0.1, 66.0.2, 66.0.3, 66.0.4, 66.0.5, 67.0, 67.0.2, 67.0.3, 67.0.4, 68.0, 68.0.1, 68.0.2, 68.1.0, 68.2.0, 68.3.0, 68.4.0, 68.4.1, 68.6.0, 69.0, 69.0.1, 69.0.2, 69.0.3, 70.0, 70.0.1, 71.0, 72.0, 72.0.1, 73.0, 73.0.1
MozillaFirefox Esr10.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.0.10, 10.0.11, 10.0.12, 17.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 17.0.11, 24.0, 24.0.1, 24.0.2, 24.1.0, 24.1.1, 24.2, 24.3, 24.4, 24.5, 24.6, 24.7, 24.8, 31.0, 31.1, 31.1.0, 31.1.1, 31.2, 31.3, 31.3.0, 31.4, 31.5, 31.5.1, 31.5.2, 31.5.3, 31.6, 31.7, 31.8, 38.0, 38.0.1, 38.0.5, 38.1.0, 38.1.1, 38.2.0, 38.2.1, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.5.2, 38.6.0, 38.6.1, 38.7.0, 38.7.1, 38.8.0, 45.0, 45.0.1, 45.0.2, 45.1.0, 45.1.1, 45.2.0, 45.3.0, 45.4.0, 45.5.0, 45.5.1, 45.6.0, 45.7.0, 45.8.0, 45.9.0, 52.0, 52.1.0, 52.1.1, 52.1.2, 52.2.0, 52.2.1, 52.3.0, 52.4.0, 52.4.1, 52.5.0, 52.5.2, 52.5.3, 52.6.0, 52.7.0, 52.7.1, 52.7.2, 52.7.3, 52.7.4, 52.8.0, 52.8.1, 52.9.0, 53.0.0, 60.0, 60.0.1, 60.0.2, 60.1.0, 60.2.0, 60.2.2, 60.3.0, 60.4.0, 60.5.0, 60.6.0, 60.6.1, 60.6.2, 60.6.3, 60.7.0, 60.7.1, 60.8.0, 60.9, 60.9.0, 68.0, 68.0.2, 68.1, 68.1.0, 68.3, 68.4, 68.4.1, 68.5.0
MozillaThunderbird-, 0.1, 0.2, 0.3, 0.4, 0.5, 0.6, 0.7, 0.7.1, 0.7.2, 0.7.3, 0.8, 0.9, 1.0, 1.0.2, 1.0.5, 1.0.6, 1.0.7, 1.0.8, 1.1, 1.5, 1.5.0.2, 1.5.0.4, 1.5.0.5, 1.5.0.7, 1.5.0.8, 1.5.0.9, 1.5.0.10, 1.5.0.12, 1.5.0.13, 1.5.0.14, 2.0, 2.0.0.0, 2.0.0.4, 2.0.0.5, 2.0.0.6, 2.0.0.9, 2.0.0.12, 2.0.0.14, 2.0.0.16, 2.0.0.17, 2.0.0.18, 2.0.0.19, 2.0.0.21, 2.0.0.22, 2.0.0.23, 2.0.0.24, 2.0.14, 3.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 3.1.15, 3.1.16, 3.1.17, 3.1.18, 3.1.19, 3.1.20, 3.3, 5.0, 6.0, 6.0.1, 6.0.2, 7.0, 7.0.1, 8.0, 9.0, 9.0.1, 10.0, 10.0.1, 10.0.2, 11.0, 11.0.1, 12.0, 12.0.1, 13.0, 13.0.1, 14.0, 15.0, 15.0.1, 16.0, 16.0.1, 16.0.2, 17.0, 17.0.2, 17.0.3, 17.0.4, 17.0.5, 17.0.6, 17.0.7, 17.0.8, 17.0.9, 17.0.10, 18.0, 19.0, 20.0, 21.0, 22.0, 23.0, 24.0, 24.0.1, 24.1.0, 24.1.1, 24.2.0, 24.3.0, 24.4.0, 24.5.0, 24.6.0, 24.7.0, 24.8.0, 24.8.1, 25.0, 26.0, 27.0, 28.0, 29.0, 30.0, 31.0, 31.1.0, 31.1.1, 31.1.2, 31.2.0, 31.3.0, 31.4.0, 31.5.0, 31.6.0, 31.7.0, 31.8.0, 32.0, 33.0, 34.0, 36.0, 37.0, 38.0, 38.0.1, 38.1.0, 38.2.0, 38.3.0, 38.4.0, 38.5.0, 38.5.1, 38.6.0, 38.7.0, 38.7.1, 38.7.2, 38.8.0, 40.0, 41.0, 42.0, 43.0, 44.0, 45.0, 45.1, 45.1.0, 45.1.1, 45.2, 45.2.0, 45.3.0, 45.4.0, 45.5.0, 45.5.1, 45.6.0, 45.7.0, 45.7.1, 45.8.0, 47.0, 49.0, 50.0, 51.0, 52.0, 52.0.1, 52.1.0, 52.1.1, 52.2.0, 52.2.1, 52.3.0, 52.4.0, 52.5.0, 52.5.2, 52.6.0, 52.7.0, 52.8.0, 52.9.0, 52.9.1, 53.0, 54.0, 55.0, 56.0, 57.0, 58.0, 59.0, 60.0, 60.2.1, 60.3.0, 60.3.1, 60.3.2, 60.3.3, 60.4.0, 60.5.0, 60.5.1, 60.6.0, 60.6.1, 60.7.0, 60.7.1, 60.7.2, 60.8.0, 60.9, 60.9.0, 60.9.1, 63.0, 64.0, 65.0, 66.0, 67.0, 68.0, 68.1, 68.1.0, 68.1.1, 68.1.2, 68.2.0, 68.2.1, 68.2.2, 68.3.0, 68.3.1, 68.4.1, 68.5.0

Vendor Advisories

Synopsis Important: firefox security update Type/Severity Security Advisory: Important Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Topic An update for firefox is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vul ...
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Topic An update for firefox is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
Synopsis Important: firefox security update Type/Severity Security Advisory: Important Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, ...
Synopsis Important: thunderbird security update Type/Severity Security Advisory: Important Topic An update for thunderbird is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) bas ...
A security issue has been found in Firefox before 74, where the 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary comm ...
Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code For the oldstable distribution (stretch), these problems have been fixed in version 6860esr-1~deb9u1 For the stable distribution (buster), these problems have been fixed in version 6860esr-1~deb10u1 W ...
Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code For the oldstable distribution (stretch), these problems have been fixed in version 1:6860-1~deb9u1 For the stable distribution (buster), these problems have been fixed in version 1:6860-1~deb10u1 We recommend that you up ...
Arch Linux Security Advisory ASA-202003-11 ========================================== Severity: Critical Date : 2020-03-16 CVE-ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 Package : thunderbird Type : multiple issues Remote : Yes Link : securityarchlinuxorg/ ...
Firefox could be made to crash or run programs as your login if it opened a malicious website ...
Arch Linux Security Advisory ASA-202003-8 ========================================= Severity: Critical Date : 2020-03-11 CVE-ID : CVE-2019-20503 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6808 CVE-2020-6809 CVE-2020-6810 CVE-2020-6811 CVE-2020-6812 CVE-2020-6813 CVE-2020-6814 CVE-2020-6815 Package : firefox Type ...