Home

CVE-2020-12393

Description

The Copy as cURL feature of Devtools network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the Copy as cURL feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.48

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Mozilla Firefox ESR (68.8.0)Windows
Multiple vulnerabilities fixed in Mozilla Firefox ESR (x64) (68.8.0)Windows
Multiple vulnerabilities fixed in Mozilla Firefox (76.0)Windows
Multiple vulnerabilities fixed in Mozilla Firefox (x64) (76.0)Windows
Multiple vulnerabilities fixed in Mozilla Thunderbird (68.8.0)Windows
Multiple vulnerabilities fixed in Mozilla Thunderbird (x64) (68.8.0)Windows
Multiple vulnerabilities fixed in Mozilla Firefox (76.0.1)Windows
Multiple vulnerabilities fixed in Mozilla Firefox (x64) (76.0.1)Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (76.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (76.0.1)Mac
Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac (68.8.0)Mac
Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac (68.8.1)Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 68.0.1Mac
Multiple Vulnerabilities are affected in Firefox ESR for Mac 68.0.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 75.0Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 68.7.0Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac 68.8Mac
SUSE-SU-2020:1218-1(SUSE Linux Enterprise Server 12-SP4 ) MozillaFirefox-68.8.0-109.119.1.x86_64.rpmLinux
SUSE-SU-2020:1218-1(SUSE Linux Enterprise Server 12-SP4 ) MozillaFirefox-debuginfo-68.8.0-109.119.1.x86_64.rpmLinux
SUSE-SU-2020:1218-1(SUSE Linux Enterprise Server 12-SP4 ) MozillaFirefox-debugsource-68.8.0-109.119.1.x86_64.rpmLinux
SUSE-SU-2020:1218-1(SUSE Linux Enterprise Server 12-SP4 ) MozillaFirefox-translations-common-68.8.0-109.119.1.x86_64.rpmLinux
SUSE-SU-2020:1218-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-68.8.0-109.119.1.x86_64_SP5.rpmLinux
SUSE-SU-2020:1218-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-debuginfo-68.8.0-109.119.1.x86_64_SP5.rpmLinux
SUSE-SU-2020:1218-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-debugsource-68.8.0-109.119.1.x86_64_SP5.rpmLinux
SUSE-SU-2020:1218-1(SUSE Linux Enterprise Server 12-SP5 ) MozillaFirefox-translations-common-68.8.0-109.119.1.x86_64_SP5.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-314095Mozilla Firefox ESR (68.8.0)
PATCH-314096Mozilla Firefox ESR (x64) (68.8.0)
PATCH-314093Mozilla Firefox (76.0)
PATCH-314094Mozilla Firefox (x64) (76.0)
PATCH-314106Mozilla Thunderbird (68.8.0)
PATCH-314107Mozilla Thunderbird (x64) (68.8.0)
PATCH-314163Mozilla Firefox (76.0.1)
PATCH-314164Mozilla Firefox (x64) (76.0.1)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611353Mozilla Thunderbird For Mac (128.12.0)
PATCH-611353Mozilla Thunderbird For Mac (128.12.0)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234