---

CVE-2020-12392 - log back

CVE-2020-12392 edited at 09 May 2020 16:12:06
Description	- The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request in Firefox before 76.0, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. + The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request in Firefox before 76.0 and Thunderbird before 68.8.0, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files.
References	https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12392 + https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12392 https://bugzilla.mozilla.org/show_bug.cgi?id=1614468

CVE-2020-12392 edited at 06 May 2020 09:36:15
Description	- The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. + The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request in Firefox before 76.0, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files.
References	+ https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12392 https://bugzilla.mozilla.org/show_bug.cgi?id=1614468

CVE-2020-12392 edited at 05 May 2020 17:21:08
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Content spoofing
Description	+ The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files.
References	+ https://bugzilla.mozilla.org/show_bug.cgi?id=1614468
Notes

CVE-2020-12392 created at 05 May 2020 17:16:55