CVE-2020-12392

medium

Description

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=1614468

https://www.mozilla.org/security/advisories/mfsa2020-17/

https://www.mozilla.org/security/advisories/mfsa2020-18/

https://www.mozilla.org/security/advisories/mfsa2020-16/

https://usn.ubuntu.com/4373-1/

https://security.gentoo.org/glsa/202005-03

https://security.gentoo.org/glsa/202005-04

Details

Source: MITRE

Published: 2020-05-26

Updated: 2021-07-21

Type: CWE-200

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

CVSS v3

Base Score: 5.5

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 1.8

Severity: MEDIUM

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150555 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14359-1) | Nessus | SuSE Local Security Checks | critical |
| 147407 | NewStart CGSL MAIN 4.06 : firefox Multiple Vulnerabilities (NS-SA-2021-0004) | Nessus | NewStart CGSL Local Security Checks | critical |
| 147312 | NewStart CGSL MAIN 4.06 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0002) | Nessus | NewStart CGSL Local Security Checks | critical |
| 145906 | CentOS 8 : thunderbird (CESA-2020:2046) | Nessus | CentOS Local Security Checks | critical |
| 143979 | NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0093) | Nessus | NewStart CGSL Local Security Checks | critical |
| 143948 | NewStart CGSL CORE 5.05 / MAIN 5.05 : firefox Multiple Vulnerabilities (NS-SA-2020-0097) | Nessus | NewStart CGSL Local Security Checks | critical |
| 143928 | NewStart CGSL CORE 5.04 / MAIN 5.04 : firefox Multiple Vulnerabilities (NS-SA-2020-0064) | Nessus | NewStart CGSL Local Security Checks | critical |
| 143912 | NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0074) | Nessus | NewStart CGSL Local Security Checks | critical |
| 138776 | NewStart CGSL MAIN 6.01 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0036) | Nessus | NewStart CGSL Local Security Checks | critical |
| 136894 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : Thunderbird vulnerabilities (USN-4373-1) | Nessus | Ubuntu Local Security Checks | critical |
| 136776 | CentOS 7 : thunderbird (CESA-2020:2050) | Nessus | CentOS Local Security Checks | critical |
| 136775 | CentOS 6 : thunderbird (CESA-2020:2049) | Nessus | CentOS Local Security Checks | critical |
| 136773 | CentOS 7 : firefox (CESA-2020:2037) | Nessus | CentOS Local Security Checks | critical |
| 136772 | CentOS 6 : firefox (CESA-2020:2036) | Nessus | CentOS Local Security Checks | critical |
| 136752 | Amazon Linux 2 : thunderbird (ALAS-2020-1429) | Nessus | Amazon Linux Local Security Checks | critical |
| 136658 | SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2020:1225-1) | Nessus | SuSE Local Security Checks | critical |
| 136654 | SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:1218-1) | Nessus | SuSE Local Security Checks | critical |
| 136649 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:1209-1) | Nessus | SuSE Local Security Checks | critical |
| 136600 | Oracle Linux 8 : thunderbird (ELSA-2020-2046) | Nessus | Oracle Linux Local Security Checks | critical |
| 136545 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : Firefox regression (USN-4353-2) | Nessus | Ubuntu Local Security Checks | critical |
| 136543 | Oracle Linux 7 : thunderbird (ELSA-2020-2050) | Nessus | Oracle Linux Local Security Checks | critical |
| 136541 | GLSA-202005-04 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 136540 | GLSA-202005-03 : Mozilla Thunderbird: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 136487 | Scientific Linux Security Update : thunderbird on SL7.x x86_64 (20200511) | Nessus | Scientific Linux Local Security Checks | critical |
| 136486 | Scientific Linux Security Update : thunderbird on SL6.x i386/x86_64 (20200511) | Nessus | Scientific Linux Local Security Checks | critical |
| 136477 | RHEL 6 : thunderbird (RHSA-2020:2049) | Nessus | Red Hat Local Security Checks | critical |
| 136476 | RHEL 8 : thunderbird (RHSA-2020:2046) | Nessus | Red Hat Local Security Checks | critical |
| 136475 | RHEL 7 : thunderbird (RHSA-2020:2050) | Nessus | Red Hat Local Security Checks | critical |
| 136471 | RHEL 8 : thunderbird (RHSA-2020:2047) | Nessus | Red Hat Local Security Checks | critical |
| 136470 | RHEL 8 : thunderbird (RHSA-2020:2048) | Nessus | Red Hat Local Security Checks | critical |
| 136461 | openSUSE Security Update : MozillaThunderbird (openSUSE-2020-643) | Nessus | SuSE Local Security Checks | critical |
| 136450 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-621) | Nessus | SuSE Local Security Checks | critical |
| 136431 | Debian DSA-4683-1 : thunderbird - security update | Nessus | Debian Local Security Checks | critical |
| 136428 | Debian DLA-2206-1 : thunderbird security update | Nessus | Debian Local Security Checks | critical |
| 136427 | Debian DLA-2205-1 : firefox-esr security update | Nessus | Debian Local Security Checks | critical |
| 136420 | Ubuntu 16.04 LTS / 18.04 LTS / 19.10 / 20.04 : firefox vulnerabilities (USN-4353-1) | Nessus | Ubuntu Local Security Checks | critical |
| 136418 | Oracle Linux 7 : firefox (ELSA-2020-2037) | Nessus | Oracle Linux Local Security Checks | critical |
| 136404 | Mozilla Firefox < 76.0 | Nessus | Windows | critical |
| 136403 | Mozilla Firefox < 76.0 | Nessus | MacOS X Local Security Checks | critical |
| 136392 | Slackware 14.2 / current : mozilla-firefox (SSA:2020-126-01) | Nessus | Slackware Local Security Checks | critical |
| 136390 | Scientific Linux Security Update : firefox on SL7.x x86_64 (20200506) | Nessus | Scientific Linux Local Security Checks | critical |
| 136389 | Scientific Linux Security Update : firefox on SL6.x i386/x86_64 (20200506) | Nessus | Scientific Linux Local Security Checks | critical |
| 136374 | Debian DSA-4678-1 : firefox-esr - security update | Nessus | Debian Local Security Checks | critical |
| 136359 | Mozilla Thunderbird < 68.8.0 | Nessus | Windows | critical |
| 136358 | Mozilla Thunderbird < 68.8.0 | Nessus | MacOS X Local Security Checks | critical |
| 136357 | Mozilla Firefox ESR < 68.8 | Nessus | Windows | critical |
| 136356 | Mozilla Firefox ESR < 68.8 | Nessus | MacOS X Local Security Checks | critical |
| 136354 | RHEL 6 : firefox (RHSA-2020:2036) | Nessus | Red Hat Local Security Checks | critical |
| 136351 | RHEL 7 : firefox (RHSA-2020:2037) | Nessus | Red Hat Local Security Checks | critical |
| 136344 | RHEL 8 : firefox (RHSA-2020:2033) | Nessus | Red Hat Local Security Checks | critical |
| 136343 | RHEL 8 : firefox (RHSA-2020:2032) | Nessus | Red Hat Local Security Checks | critical |
| 136342 | RHEL 8 : firefox (RHSA-2020:2031) | Nessus | Red Hat Local Security Checks | critical |