CVE-2020-6799
Description
Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.
Risk Information
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6799,CVE-2020-6800 are fixed in Mozilla Firefox ESR (x64) (68.5.0) | Windows |
| Vulnerabilities CVE-2020-6796,CVE-2020-6797,CVE-2020-6798,CVE-2020-6799,CVE-2020-6800 are fixed in Mozilla Firefox ESR (68.5.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox (x64) (73.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox (73.0) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox (73.0.1) | Windows |
| Multiple vulnerabilities fixed in Mozilla Firefox (x64) (73.0.1) | Windows |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (73.0) | Mac |
| Multiple vulnerabilities are fixed in Mozilla Firefox For Mac (73.0.1) | Mac |
| SUSE-SU-2020:0384-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-68.5.0-109.106.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0384-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debuginfo-68.5.0-109.106.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0384-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-debugsource-68.5.0-109.106.1.x86_64.rpm | Linux |
| SUSE-SU-2020:0384-1(SUSE Linux Enterprise Desktop 12-SP4 ) MozillaFirefox-translations-common-68.5.0-109.106.1.x86_64.rpm | Linux |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-312884 | Mozilla Firefox ESR (x64) (68.5.0) |
| PATCH-312882 | Mozilla Firefox ESR (68.5.0) |
| PATCH-312881 | Mozilla Firefox (x64) (73.0) |
| PATCH-312880 | Mozilla Firefox (73.0) |
| PATCH-312956 | Mozilla Firefox (73.0.1) |
| PATCH-312957 | Mozilla Firefox (x64) (73.0.1) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
| PATCH-607000 | Mozilla Firefox For Mac (124.0) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234