The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution.

External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811
Acknowledgments:
Name: the Mozilla project
Upstream: Ophir LOJKINE
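The class of flaw described above, shown as an added example that is not taken from the Firefox DevTools source or from this bug: an exporter that shell-quotes the URL but concatenates the request method raw, next to a version that quotes every request-derived field. The function names, the sample request and the `example.test` host are constructed for illustration.

```javascript
// Added illustration; not Firefox code. All names here are hypothetical.

// POSIX shell single-quote escaping: wrap the value in '...' and rewrite each
// embedded ' as '\'' so the shell reads the whole value as one literal word.
function shQuote(value) {
  return "'" + String(value).replace(/'/g, "'\\''") + "'";
}

// "Before": the URL is quoted but the method is appended as-is, so any shell
// metacharacter in the site-controlled method reaches the terminal unquoted.
function curlCommandUnsafe(req) {
  return "curl " + shQuote(req.url) + " -X " + req.method;
}

// "After": every field taken from the request goes through shQuote, including
// the method and each header, so none of them can end the argument early.
function curlCommandSafe(req) {
  const parts = ["curl", shQuote(req.url), "-X", shQuote(req.method)];
  for (const [name, value] of Object.entries(req.headers || {})) {
    parts.push("-H", shQuote(name + ": " + value));
  }
  return parts.join(" ");
}

// Review-time check: an exported command is suspect if the token after -X is
// not a single-quoted word (i.e. the method was emitted without quoting).
function methodIsQuoted(command) {
  return /(^| )-X '(?:[^']|'\\'')*'( |$)/.test(command);
}

// Constructed sample request; the method carries a harmless marker command.
const SAMPLE_REQUEST = {
  url: "https://example.test/api?a=1&b=2",
  method: "GET;echo MARKER",
  headers: { "X-Note": "it's quoted" },
};

function demo() {
  return {
    unsafe: curlCommandUnsafe(SAMPLE_REQUEST),
    safe: curlCommandSafe(SAMPLE_REQUEST),
  };
}
```

Validating the method against an allow-list is not a substitute for quoting, because the HTTP token grammar itself permits characters that a shell treats specially.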
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0815 https://access.redhat.com/errata/RHSA-2020:0815
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0816 https://access.redhat.com/errata/RHSA-2020:0816
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-6811
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0819 https://access.redhat.com/errata/RHSA-2020:0819
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0820 https://access.redhat.com/errata/RHSA-2020:0820
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:0905 https://access.redhat.com/errata/RHSA-2020:0905
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:0918 https://access.redhat.com/errata/RHSA-2020:0918
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:0919 https://access.redhat.com/errata/RHSA-2020:0919
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2020:0914 https://access.redhat.com/errata/RHSA-2020:0914