CVE-2020-12393

CVSS v3.1 7.8 (High)
CVSS v2.0 4.6 (Medium)
EPSS 0.05% (21st)
Affected Products 4
Advisories 10

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. Note: this issue only affects Firefox on Windows operating systems. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Weaknesses
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2020-05-26 17:15:10
(4 years ago)
Updated Date
2021-07-21 11:39:23
(3 years ago)

Affected Products


Configuration #1

AND
  OR
    Product                                           CPE23                             From   Up To
    Mozilla Firefox prior 76.0 version                cpe:2.3:a:mozilla:firefox                < 76.0
    Mozilla Firefox Esr prior 68.8.0 version          cpe:2.3:a:mozilla:firefox_esr            < 68.8.0
    Mozilla Thunderbird prior 68.8.0 version          cpe:2.3:a:mozilla:thunderbird            < 68.8.0
  Running on/with
    Microsoft Windows                                 cpe:2.3:o:microsoft:windows:-