Home

CVE-2020-6797

Description

By downloading a file with the .fileloc extension, a semi-privileged extension could launch an arbitrary application on the users computer. The attacker is restricted as they are unable to download non-quarantined files or supply command line arguments to the application, limiting the impact. Note: this issue only occurs on Mac OSX. Other operating systems are unaffected. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5.

Risk Information

Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
1.02

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities fixed in Mozilla Thunderbird (x64) (68.5.0)Windows
Multiple vulnerabilities fixed in Mozilla Thunderbird (68.5.0)Windows
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6799,CVE-2020-6800 are fixed in Mozilla Firefox ESR (x64) (68.5.0)Windows
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6799,CVE-2020-6800 are fixed in Mozilla Firefox ESR (68.5.0)Windows
Multiple vulnerabilities fixed in Mozilla Firefox (x64) (73.0)Windows
Multiple vulnerabilities fixed in Mozilla Firefox (73.0)Windows
Multiple vulnerabilities fixed in Mozilla Firefox (73.0.1)Windows
Multiple vulnerabilities fixed in Mozilla Firefox (x64) (73.0.1)Windows
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (73.0)Mac
Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (73.0.1)Mac
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6800,CVE-2020-6801 are fixed in Mozilla Firefox For Mac (73.0)Mac
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6800,CVE-2020-6801 are fixed in Mozilla Firefox For Mac (73.0.1)Mac
Multiple vulnerabilities are fixed in Mozilla Thunderbird For Mac (68.5.0)Mac
Multiple Vulnerabilities are affected in Mozilla Thunderbird for Mac 68.4.1Mac
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6800 are affected in Firefox ESR for Mac 68.4.1Mac
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6800 are affected in Mozilla Firefox for Mac 68.4.1Mac
Multiple Vulnerabilities are affected in Mozilla Firefox for Mac 72.0.2Mac
Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6800 are fixed in Mozilla Firefox For Mac 68.5Mac
SUSE-SU-2020:0384-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-68.5.0-109.106.1.x86_64.rpmLinux
SUSE-SU-2020:0384-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debuginfo-68.5.0-109.106.1.x86_64.rpmLinux
SUSE-SU-2020:0384-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debugsource-68.5.0-109.106.1.x86_64.rpmLinux
SUSE-SU-2020:0384-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-translations-common-68.5.0-109.106.1.x86_64.rpmLinux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-312894Mozilla Thunderbird (x64) (68.5.0)
PATCH-312889Mozilla Thunderbird (68.5.0)
PATCH-312884Mozilla Firefox ESR (x64) (68.5.0)
PATCH-312882Mozilla Firefox ESR (68.5.0)
PATCH-312881Mozilla Firefox (x64) (73.0)
PATCH-312880Mozilla Firefox (73.0)
PATCH-312956Mozilla Firefox (73.0.1)
PATCH-312957Mozilla Firefox (x64) (73.0.1)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-607000Mozilla Firefox For Mac (124.0)
PATCH-611353Mozilla Thunderbird For Mac (128.12.0)
PATCH-611807Mozilla Thunderbird For Mac (142.0)
PATCH-611808Mozilla Firefox ESR for MAC 128.14.0
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-611870Mozilla Firefox For Mac (142.0.1)
PATCH-612783Mozilla Firefox For Mac (145.0.1)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234