CVE-2020-6799

high

Description

Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non-default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5.

References

https://www.mozilla.org/security/advisories/mfsa2020-06/

https://bugzilla.mozilla.org/show_bug.cgi?id=1606596

https://www.mozilla.org/security/advisories/mfsa2020-05/

https://security.gentoo.org/glsa/202003-02

Details

Source: MITRE

Published: 2020-03-02

Updated: 2021-07-21

Type: CWE-20

Risk Information

CVSS v2

Base Score: 5.1

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 4.9

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150679 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14290-1) | Nessus | SuSE Local Security Checks | high |
| 134469 | GLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 133762 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0384-1) | Nessus | SuSE Local Security Checks | high |
| 133761 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0383-1) | Nessus | SuSE Local Security Checks | high |
| 133759 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-230) | Nessus | SuSE Local Security Checks | high |
| 133693 | Mozilla Firefox < 73.0 | Nessus | Windows | high |
| 133677 | Mozilla Firefox ESR < 68.5 Multiple Vulnerabilities | Nessus | Windows | high |
| 133642 | Slackware 14.2 / current : mozilla-firefox (SSA:2020-042-01) | Nessus | Slackware Local Security Checks | high |