CVE-2020-6811 log

Source
Severity Medium
Remote Yes
Type Arbitrary command execution
Description
A security issue has been found in Firefox before 74 and Thunderbird before 68.6, where the 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution.
Group Package Affected Fixed Severity Status Ticket
AVG-1115 thunderbird 68.5.0-1 68.6.0-1 Critical Fixed
AVG-1112 firefox 73.0.1-1 74.0-1 Critical Fixed
Date Advisory Group Package Severity Description
11 Mar 2020 ASA-202003-8 AVG-1112 firefox Critical multiple issues
16 Mar 2020 ASA-202003-11 AVG-1115 thunderbird Critical multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6811
https://bugzilla.mozilla.org/show_bug.cgi?id=1607742