CVE-2020-6799
CVSS v3.1
8.8 (High)
CVSS v2.0
5.1 (Medium)
EPSS
0.28 % (69th)
Affected Products
3
Advisories
8
Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.
Weaknesses
- CWE-88
- Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
- CVE Status
- PUBLISHED
- CNA
- Mozilla Corporation
- Published Date
-
2020-03-02 05:15:13
(4 years ago) - Updated Date
-
2022-01-01 19:35:47
(2 years ago)
Affected Products
Loading...
Loading...
Loading...
Configuration #1
AND |
|
---|
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...