CVE-2020-6811 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Arbitrary command execution
Description	A security issue has been found in Firefox before 74 and Thunderbird before 68.6, where the 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1115	thunderbird	68.5.0-1	68.6.0-1	Critical	Fixed
AVG-1112	firefox	73.0.1-1	74.0-1	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
11 Mar 2020	ASA-202003-8	AVG-1112	firefox	Critical	multiple issues
16 Mar 2020	ASA-202003-11	AVG-1115	thunderbird	Critical	multiple issues

References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811 https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6811 https://bugzilla.mozilla.org/show_bug.cgi?id=1607742

References

https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6811
https://bugzilla.mozilla.org/show_bug.cgi?id=1607742