CVE-2020-6811

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 25-03-2020 11:15

Last modified: - 24-09-2022 03:03

Total changes: - 4

Description

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

Required

User interaction

8.8

Base score

2.8

5.9

Exploitability score

Impact score

Verification logic

Reference

https://www.mozilla.org/security/advisories/mfsa2020-10/
https://bugzilla.mozilla.org/show_bug.cgi?id=1607742
https://www.mozilla.org/security/advisories/mfsa2020-08/
https://www.mozilla.org/security/advisories/mfsa2020-09/
USN-4328-1-Third Party Advisory
USN-4335-1-Third Party Advisory

Keywords

CVE-2020-6811

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-6811

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures