 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2020-6799 |
| Description: | Command line arguments could have been injected during Firefox invocation as a shell handler for certain unsupported file types. This required Firefox to be configured as the default handler for a given file type and for a file downloaded to be opened in a third party application that insufficiently sanitized URL data. In that situation, clicking a link in the third party application could have been used to retrieve and execute files whose location was supplied through command line arguments. Note: This issue only affects Windows operating systems and when Firefox is configured as the default handler for non- default filetypes. Other operating systems are unaffected. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. |
| Test IDs: | 1.3.6.1.4.1.25623.1.1.4.2020.0383.1 1.3.6.1.4.1.25623.1.1.4.2020.0384.1 1.3.6.1.4.1.25623.1.0.853040 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-6799 https://security.gentoo.org/glsa/202003-02 https://bugzilla.mozilla.org/show_bug.cgi?id=1606596 https://www.mozilla.org/security/advisories/mfsa2020-05/ https://www.mozilla.org/security/advisories/mfsa2020-06/ |