Bug 1831946 (CVE-2020-12393)
Summary: | CVE-2020-12393 Mozilla: Devtools' 'Copy as cURL' feature did not fully escape website-controlled data, potentially leading to command injection | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Doran Moppert <dmoppert> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | cschalle, gecko-bugs-nobody, jhorak, security-response-team, stransky |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | firefox 68.8 | Doc Type: | No Doc Update |
Doc Text: |
The Mozilla Foundation Security Advisory describes this flaw as
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2020-05-06 04:31:52 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1828970 |
Description
Doran Moppert
2020-05-06 01:28:00 UTC
Acknowledgments: Name: the Mozilla project Upstream: David Yesland Statement: This issue only affects Firefox on Windows operating systems. Firefox on Linux is not affected. This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12393 |