Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2020-6799

UNKNOWN
Published 2020-03-02T04:05:03
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-6799. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Mozilla

Firefox

Affected Versions:

unspecified unspecified

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-8h3q-5823-cjpv

Advisory Details

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.

CVSS Scoring

CVSS Score

5.0

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-6799
WEB https://bugzilla.mozilla.org/show_bug.cgi?id=1606596
WEB https://security.gentoo.org/glsa/202003-02
WEB https://www.mozilla.org/security/advisories/mfsa2020-05
WEB https://www.mozilla.org/security/advisories/mfsa2020-06

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: May 24, 2022

References

https://www.mozilla.org/security/advisories/mfsa2020-05/
https://www.mozilla.org/security/advisories/mfsa2020-06/
https://bugzilla.mozilla.org/show_bug.cgi?id=1606596
https://security.gentoo.org/glsa/202003-02
Published: 2020-03-02T04:05:03
Last Modified: 2024-08-04T09:11:05.093Z
Copied to clipboard!