CVE-2020-12392 log

Severity Medium
Remote Yes
Type Content spoofing
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request in Firefox before 76.0 and Thunderbird before 68.8.0, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files.
Group Package Affected Fixed Severity Status Ticket
AVG-1155 thunderbird 68.7.0-2 68.8.0-1 Critical Fixed
AVG-1148 firefox 75.0-1 76.0-1 Critical Fixed
Date Advisory Group Package Severity Type
09 May 2020 ASA-202005-7 AVG-1155 thunderbird Critical multiple issues
06 May 2020 ASA-202005-3 AVG-1148 firefox Critical multiple issues