The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity.
Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a downloaded file to be opened in a third-party application that insufficiently sanitized URL data. In that situation, clicking a link in the third-party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems, and only when Firefox is configured as the default handler for non-default file types. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox ESR < 68.5.
CVSS v2
Base Score: 5.1
Impact Score: 6.4
Exploitability Score: 4.9

CVSS v3
Base Score: 8.8
Impact Score: 5.9
Exploitability Score: 2.8

| ID | Name | Product | Family |
|---|---|---|---|
| 150679 | SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2020:14290-1) | Nessus | SuSE Local Security Checks |
| 134469 | GLSA-202003-02 : Mozilla Firefox: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks |
| 133762 | SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2020:0384-1) | Nessus | SuSE Local Security Checks |
| 133761 | SUSE SLED15 / SLES15 Security Update : MozillaFirefox (SUSE-SU-2020:0383-1) | Nessus | SuSE Local Security Checks |
| 133759 | openSUSE Security Update : MozillaFirefox (openSUSE-2020-230) | Nessus | SuSE Local Security Checks |
| 133693 | Mozilla Firefox < 73.0 | Nessus | Windows |
| 133677 | Mozilla Firefox ESR < 68.5 Multiple Vulnerabilities | Nessus | Windows |
| 133642 | Slackware 14.2 / current : mozilla-firefox (SSA:2020-042-01) | Nessus | Slackware Local Security Checks |