1. Home
  2. Vulnerabilities
  3. CVE-2020-6797

CVE-2020-6797

CVSS v3.1 4.3 (Medium)
43% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.13 % (49th)
0.13% Progress
Affected Products 4
Advisories 12
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the user's computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

Weaknesses
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
CNA
Mozilla Corporation
Published Date
2020-03-02 05:15:13
(4 years ago)
Updated Date
2021-09-16 13:17:42
(3 years ago)

Affected Products

Apple

Mozilla

Configuration #1

AND
    CPE23 From Up To
OR  
  Mozilla Firefox prior 73.0 version cpe:2.3:a:mozilla:firefox < 73.0
OR  
  Running on/with
  Mozilla Firefox Esr prior 68.5.0 version cpe:2.3:a:mozilla:firefox_esr < 68.5.0
OR  
  Running on/with
  Mozilla Thunderbird prior 68.5.0 version cpe:2.3:a:mozilla:thunderbird < 68.5.0
OR  
  Running on/with
  Apple Macos cpe:2.3:o:apple:macos:-