The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.* External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12393
Acknowledgments: Name: the Mozilla project Upstream: David Yesland
Statement: This issue only affects Firefox on Windows operating systems. Firefox on Linux is not affected.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-12393